Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add function Handler for convenience #14

Merged
merged 1 commit into from Aug 6, 2018
Merged

add function Handler for convenience #14

merged 1 commit into from Aug 6, 2018

Conversation

kr
Copy link
Owner

@kr kr commented Aug 6, 2018
edited

This function signature makes it easier to do the most
common usage patterns I'm aware of, after several years
of seeing this package used in the wild.

http.Handle("/", secureheader.Handler(mux))
http.ListenAndServe(addr, nil)

and

http.Handle("/a", a)
http.Handle("/b", b)
http.ListenAndServe(addr, secureheader.Handler(nil))

and

var h http.Handler
h = mux
h = middleware3(h)
h = secureheader.Handler(h)
h = middleware1(h)
http.ListenAndServe(addr, h)

@kr
add function Handler for convenience
5b1e45d 
This function signature makes it easier to do the most
common usage patterns I'm aware of, after several years
of seeing this package used in the wild.

	http.Handle("/", secureheader.Handler(mux))

and

	http.Handle("/a", a)
	http.Handle("/b", b)
	http.ListenAndServe(addr, secureheader.Handler(nil))

and

	var h http.Handler
	h = mux
	h = middleware3(h)
	h = secureheader.Handler(h)
	h = middleware1(h)
	http.ListenAndServe(addr, h)
@kr
Copy link
Owner Author

kr commented Aug 6, 2018

PTAL

croaky
croaky approved these changes Aug 6, 2018
View reviewed changes
Copy link

@croaky croaky left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

example_test.go
secureheader.DefaultConfig.HSTSIncludeSubdomains = false
secureheader.DefaultConfig.FrameOptions = false
http.ListenAndServe(":80", secureheader.DefaultConfig)
h := secureheader.Handler(http.DefaultServeMux)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Articles like this mention http.DefaultServeMux as a potential security gotcha. Would it be better to use something else here in the context of a security-focused library?

Copy link
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah maybe. For the purpose of this PR, I just wanted to update the form of the examples, but not change their behavior. Opened #15 to track this.

ryandotsmith
ryandotsmith approved these changes Aug 6, 2018
View reviewed changes
Copy link

@ryandotsmith ryandotsmith left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛋 comfy.
lgtm

@kr kr mentioned this pull request Aug 6, 2018
Open
@kr kr merged commit 9ede934 into main Aug 6, 2018
@kr kr deleted the handler branch August 6, 2018 20:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@croaky croaky croaky approved these changes

@ryandotsmith ryandotsmith ryandotsmith approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@kr @croaky @ryandotsmith