Skip to content
Middleware to force SSL on requests to a go-json-rest API.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

wercker status Coverage Status GoDoc license

Force SSL Middleware for go-json-rest

Middleware to force SSL on requests to a go-json-rest API.


go get

Example Usage

package main

import (

func main() {
    api := rest.NewApi()
    api.Use(&forceSSL.Middleware{}) // struct with options
    api.SetApp(rest.AppSimple(func(w rest.ResponseWriter, r *rest.Request) {
        w.WriteJson(map[string]string{"body": "Hello World!"})
    log.Fatal(http.ListenAndServe(":8080", api.MakeHandler()))


Option Type Description Defaults to
TrustXFPHeader bool Trust X-Forwarded-Proto headers (this can allow a client to spoof whether they were using HTTPS) false
Enable301Redirects bool Enables 301 redirects to the HTTPS version of the request. false
Message string Allows a custom response message when forcing SSL without redirect. SSL Required.

Middleware Options Example

  TrustXFPHeader: true,
  Enable301Redirects: true,
  Message: "We are unable to process your request over HTTP."

Per-route SSL Settings

Using rest.IfMiddleware in go-json-rest, it is possible to force SSL on a per-route basis.

Example Usage

forceSSLMiddleware := &forceSSL.Middleware{
	TrustXFPHeader:     true,
	Enable301Redirects: false,
	Message:            "Login required for Admin portal.",
api := rest.NewApi()

// Conditionally force certain routes to use forceSSLMiddleware
	Condition: func(request *rest.Request) bool {
		return request.URL.Path == "/admin"
	IfTrue: forceSSLMiddleware,
You can’t perform that action at this time.