safeweb: init #11467
(Possibly more to come later; just some 1st thoughts)
I made a bunch of suggestions, mostly related to the docs, all of which you should feel free to disagree with.
Updates tailscale/corp#8027

Safeweb is a wrapper around http.Server & tsnet that encodes some application security defaults.

Safeweb asks developers to split their HTTP routes into two http.ServeMuxs for serving browser and API-facing endpoints respectively. It then wraps these HTTP routes with the context-appropriate security controls.

safeweb.Server#Serve will serve the HTTP muxes over the provided listener. Callers are responsible for creating and tearing down their application's listeners. Applications being served over HTTPS that wish to implement HTTP redirects can use the Server#HTTPRedirect handler to do so.

Signed-off-by: Patrick O'Doherty <patrick@tailscale.com>
Updates https://github.com/tailscale/corp/issues/8027
Implement a first pass of "safeweb" per the "Secure Internal Web Applications by Default" eng doc.
Safeweb is a wrapper around http.Server & tsnet that encodes some
application security defaults.
Safeweb asks developers to split their HTTP routes into two
http.ServeMuxs for serving browser and API-facing endpoints
respectively. It then wraps these HTTP routes with the
context-appropriate security controls.
safeweb.Server#Serve will serve the HTTP muxes over the provided
listener. Callers are responsible for creating and tearing down their
application's listeners. Applications being served over HTTPS that wish
to implement HTTP redirects can use the Server#HTTPRedirect handler to
do so.
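
The split-mux design described above, sketched with only net/http as an added example; this is not safeweb's code or API. `splitServer`, `browserControls`, `apiControls` and `httpRedirect` are hypothetical names, and the specific headers and the JSON content-type check are assumed stand-ins for "context-appropriate security controls", which this page does not enumerate.

```go
package main

import (
	"log"
	"net/http"
	"strings"
)

// splitServer is a hypothetical stand-in for the wrapper; not safeweb's API.
type splitServer struct{ BrowserMux, APIMux *http.ServeMux }

// browserControls sets headers that matter for rendered pages (assumed policy).
func browserControls(h http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'")
		w.Header().Set("X-Content-Type-Options", "nosniff")
		h.ServeHTTP(w, r)
	})
}

// apiControls refuses state-changing requests whose body is not JSON, the
// kind of body an HTML form on another site could submit (assumed policy).
func apiControls(h http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		safe := r.Method == http.MethodGet || r.Method == http.MethodHead
		if !safe && !strings.HasPrefix(r.Header.Get("Content-Type"), "application/json") {
			http.Error(w, "unsupported content type", http.StatusUnsupportedMediaType)
			return
		}
		h.ServeHTTP(w, r)
	})
}

// ServeHTTP dispatches on which mux registered the route, so a handler can
// only ever run behind the controls for its own context.
func (s *splitServer) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	if _, pattern := s.APIMux.Handler(r); pattern != "" {
		apiControls(s.APIMux).ServeHTTP(w, r)
		return
	}
	browserControls(s.BrowserMux).ServeHTTP(w, r)
}

// httpRedirect sends a plain-HTTP request to the same host and path over HTTPS.
func httpRedirect(w http.ResponseWriter, r *http.Request) {
	http.Redirect(w, r, "https://"+r.Host+r.URL.RequestURI(), http.StatusMovedPermanently)
}

func main() { // register routes on each mux before serving
	log.Fatal(http.ListenAndServe("localhost:8080", &splitServer{http.NewServeMux(), http.NewServeMux()}))
}
```

Because dispatch is decided by route registration rather than by the request, moving a handler between muxes is the only way to change which controls it gets.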