path: root/echo/middleware/strict_secure.go
package middleware

import (
	gltime "code.crute.us/mcrute/golib/time"

	"github.com/labstack/echo/v4"
	"github.com/labstack/echo/v4/middleware"
)

// StrictSecure builds Echo's Secure middleware with a fixed, strict set of
// response security headers chosen to match the legacy nginx proxy defaults.
//
// Headers configured here:
//   - X-Frame-Options: SAMEORIGIN, so pages may only be framed by the same
//     origin.
//   - X-Content-Type-Options: nosniff.
//   - X-XSS-Protection: 1; mode=block. Kept for parity with the legacy proxy;
//     current browsers largely ignore this header, so it is not a substitute
//     for output encoding or a Content-Security-Policy.
//   - Referrer-Policy: same-origin.
//   - Strict-Transport-Security with a two-year max-age, subdomains included
//     and the preload directive set.
//
// No Content-Security-Policy is configured; handlers that need one must add
// it separately.
func StrictSecure() echo.MiddlewareFunc {
	// HSTS lifetime of two years, converted to the seconds the config expects.
	// NOTE(review): gltime.Year is defined outside this file; confirm its
	// exact length if the max-age has to meet a specific threshold.
	hstsMaxAge := gltime.ToSeconds(2 * gltime.Year)

	cfg := middleware.SecureConfig{
		XFrameOptions:      "SAMEORIGIN",
		ContentTypeNosniff: "nosniff",
		XSSProtection:      "1; mode=block",
		ReferrerPolicy:     "same-origin",

		// Subdomains are deliberately covered and preload is requested. Once
		// browsers cache or preload this policy, every subdomain has to keep
		// serving valid HTTPS, and backing out takes a long time.
		// NOTE(review): echo's Secure middleware is understood to emit the
		// HSTS header only on requests it sees as HTTPS (TLS or
		// X-Forwarded-Proto: https); verify the fronting proxy sets that
		// header, otherwise HSTS is silently absent.
		HSTSExcludeSubdomains: false,
		HSTSPreloadEnabled:    true,
		HSTSMaxAge:            hstsMaxAge,
	}

	return middleware.SecureWithConfig(cfg)
}