Skip to content
Permalink
Browse files

Add headerMiddleware

  • Loading branch information...
shibayu36 committed Jun 2, 2019
1 parent aabe085 commit a230d9ee68c5ad6bd955f6015852b1da709bc12e
Showing with 44 additions and 0 deletions.
  1. +13 −0 web/middleware.go
  2. +31 −0 web/middleware_test.go
@@ -1 +1,14 @@
package web

import (
"net/http"
)

func headerMiddleware(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("X-XSS-Protection", "1; mode=block")
w.Header().Set("X-Content-Type-Options", "nosniff")
w.Header().Set("X-Frame-Options", "DENY")
next.ServeHTTP(w, r)
})
}
@@ -0,0 +1,31 @@
package web

import (
"fmt"
"net/http"
"net/http/httptest"
"testing"

"github.com/stretchr/testify/assert"
)

// getTestHandler returns a http.HandlerFunc for testing http middleware
func getTestHandler() http.HandlerFunc {
fn := func(w http.ResponseWriter, r *http.Request) {
fmt.Fprintln(w, "Test Handler")
}
return http.HandlerFunc(fn)
}

func TestHeaderMiddleware(t *testing.T) {
ts := httptest.NewServer(headerMiddleware(getTestHandler()))
defer ts.Close()

resp, err := http.Get(ts.URL)
assert.NoError(t, err)
defer resp.Body.Close()

assert.Equal(t, "1; mode=block", resp.Header.Get("X-XSS-Protection"))
assert.Equal(t, "nosniff", resp.Header.Get("X-Content-Type-Options"))
assert.Equal(t, "DENY", resp.Header.Get("X-Frame-Options"))
}

0 comments on commit a230d9e

Please sign in to comment.
You can’t perform that action at this time.