-
Notifications
You must be signed in to change notification settings - Fork 134
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Seeking information about redirecting HTTP to HTTPS #22
Comments
Hey @amankapoor, it's definitely safe to have a single middleware with all your additional options set. The One suggestion I would make is to remove the If you remove that one line, your implementation looks very close to what I use in production! Let me know if this helps! |
Hi, thank you very much for the information, it really helped. Also, I would like to share that I am new to deploying, and I want to deploy my small apps on one t2.micro. So my research taught me that I need a reverse proxy like nginx to do this job. Although I have not yet started using nginx because I am spending time writing the app, but I think if I will keep |
Sounds good! Should this issue be closed now? |
Yeah. Thank you for the help. |
Hi, I used your redirecting example and I am interested in knowing if it is SAFE to add more headers to
secureMiddleware
of your example or not? I am very new to security in Go. The thing is that your approach shows that we create onesecureMiddleware
and pass it toListenAndServe
go routine as well asListenAndServeTLS
.What if, I do the same thing but add more header to that
secureMiddleware
? Is this a possibility that hackers somehow get to understand that we are redirected fromhttp
tohttps
and therefore we can get into the http version of the server (because I am passing the main gorilla router toListenAndServe
). Does something like this happen?And what about future links we visit on the site after first redirection?
ListenAndServe
was used only once when we typed url withouthttps
(I am on development right now). I still want to confirm as I am not sure.Below is my current main function for your reference:
Or, should we have one
secureMiddleware
and oneredirectMiddleware
; theredirectMiddleware
will be exactly like the one in your HTTP to HTTPS redirection example in readme. And, pass thisredirectMiddleware
toListenAndServe
with the main router (in my caser
).Please clarify. And, if we can use same
secureMiddleware
then I would prefer we add comments stating something like "// you can have more headers here" in thesecureMiddleware
of redirection example.The text was updated successfully, but these errors were encountered: