Giters
google
/
go-safeweb
Secure-by-default HTTP servers in Go.
Geek Repo:
Geek Repo
Github PK Tool:
Github PK Tool
Stargazers:
667
Watchers:
31
Issues:
171
Forks:
62
google/go-safeweb Issues
Add XFO support for older browsers.
Closed
2 years ago
Comments count
1
We need a copyright check for non-Go files as a GitHub action pre-submit
Closed
3 years ago
Provide a way to execute a template by name
Closed
3 years ago
Add a plaintext type that is safe by default
Updated
4 years ago
Comments count
3
Allow using ServeMux as a factory for net/http.Handlers
Closed
3 years ago
Comments count
2
All registered paths call the same handler
Closed
4 years ago
flight.WriteError calling http.ResponseWriter.WriteHeader causes DefaultDispatcher to superfluously call WriteHeader the second time
Closed
3 years ago
Comments count
2
Make interceptor plugins consistent
Updated
3 years ago
Make xsrfhtml not require a key
Updated
4 years ago
plugins/staticheaders: Add a `Vary: Cookie` header by default
Updated
4 years ago
Comments count
5
xsrfangular might be vulnerable to BREACH attack
Closed
4 years ago
Comments count
3
Add path traversal attack tests
Updated
2 years ago
Comments count
1
Mismatch between the directory name and package name of the Fetch Metadata plugin
Closed
4 years ago
Comments count
2
When mux responds with Method Not Allowed, make the response go through WriteError
Closed
3 years ago
Comments count
1
Add support for custom templated response types
Closed
3 years ago
Comments count
2
Safesql: args are not spread out when calling wrapped database/sql functions
Closed
4 years ago
Comments count
2
Add a Reporting Plugin
Closed
3 years ago
Provide examples on how to use and adopt the framework
Closed
4 years ago
Provide an ergonomic way to do per-handler interceptor configuration
Updated
3 years ago
Comments count
5
Should ResponseWriter.SetCode allow setting a 3XX or 4XX-5XX status code?
Closed
4 years ago
All plugins should have example tests
Updated
3 years ago
Extend the Interceptor interface with an OnError method
Closed
4 years ago
Extend the XSRF plugin to provide protection for Angular XHR
Closed
4 years ago
Allow users to provide their own router
Updated
2 years ago
Comments count
2
Clear headers map in safehttp.ResponseWriter.WriteError
Closed
4 years ago
Comments count
4
Support buffering the template execution for better error handling
Closed
4 years ago
Comments count
2
Simple file server (no dispatcher, no interceptors)
Closed
3 years ago
Comments count
2
Serve a standard error response (safeHTML or template) when client-side error occurs
Closed
4 years ago
Comments count
1
Make XSRF token and CSP nonce injection generic
Updated
4 years ago
Ensure the Content-Type header is set before calling WriteHeader in safehttp.ResponseWriter
Closed
4 years ago
Passing an error message to ResponseWriter.WriteError
Closed
4 years ago
Comments count
1
htmlinject: Add nonces to style tags
Closed
4 years ago
htmlinject: Export constants for noncing functions names
Closed
4 years ago
htmlinject: Provide a helper to parse templates
Closed
4 years ago
Consider using Tink instead of x/net/xsrftoken
Updated
4 years ago
Provide a way to do local development (plugins should be informed about this to change behavior)
Closed
3 years ago
Comments count
2
Existing interceptors don't satisfy the safehttp.Interceptor interface
Closed
4 years ago
Consider making host checks in a plugin rather than in the core mux implementation
Closed
4 years ago
Add godoc to the safesql/sqlwrap.go package
Closed
4 years ago
Fix interaction problems between passing a response to the safehttp.ResponseWriter writing functions that triggers an error and trying to call the markWritten function.
Closed
4 years ago
Comments count
1
Fix safesql doc to link to the original doc in every type
Closed
4 years ago
Make sure that writing twice to the ResponseWriter using any writing methods in any order causes a panic by refactoring test.
Closed
4 years ago
ResponseWriter.Redirect checks whether the given status is in the right range (300-399), this should be removed to be consistent with WriteError
Updated
4 years ago
Comments count
4
Change ServeMux to write a 200 Ok response instead of 204 No Content when handler doesn't write any response to be in line with net/http.
Closed
3 years ago
Comments count
2
Status code in safehttptest.ResponseRecorder should be 0 by default instead of 200 so that interceptors that don't set it can be tested properly.
Closed
3 years ago
Comments count
2
Add support to set 2XX statuses that are not 200 and 204
Closed
4 years ago
Comments count
3
Consider removing WriteTemplate and WriteJSON, implement helpers to just rely on Write
Closed
4 years ago
Comments count
1
Use a single Dispatcher and http.ResponseWriter implementation in testing
Closed
4 years ago
Feature Request: Ban multiple configs for the same interceptor.
Closed
3 years ago
Comments count
1
Add a Commit phase to the Interceptor interface
Closed
4 years ago
Previous
Next