Skip to content

Instantly share code, notes, and snippets.



Last active Sep 7, 2018
What would you like to do?
A wrapper for HTTP handlers with sensible defaults (objective: get a perfect score on
package main
import (
func main() {
http.HandleFunc("/", secure(handle))
func handle(w http.ResponseWriter, r *http.Request) {
fmt.Fprintln(w, "Hello, world!")
func secure(handler func(http.ResponseWriter, *http.Request)) func(http.ResponseWriter, *http.Request) {
return func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Referrer-Policy", "no-referrer")
w.Header().Set("X-XSS-Protection", "1; mode=block")
w.Header().Set("Strict-Transport-Security", "max-age=63072000")
w.Header().Set("Content-Security-Policy", "default-src 'none'; frame-ancestors 'none'")
w.Header().Set("X-Frame-Options", "DENY")
w.Header().Set("X-Content-Type-Options", "nosniff")
if r.URL.Scheme == "http" {
url := "https://" + r.Host + r.RequestURI
http.Redirect(w, r, url, http.StatusMovedPermanently)
handler(w, r)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment