New creates a new middleware handler
(config ...Config)
| 8 | |
| 9 | // New creates a new middleware handler |
| 10 | func New(config ...Config) fiber.Handler { |
| 11 | // Init config |
| 12 | cfg := configDefault(config...) |
| 13 | |
| 14 | // Return middleware handler |
| 15 | return func(c fiber.Ctx) error { |
| 16 | // Next request to skip middleware |
| 17 | if cfg.Next != nil && cfg.Next(c) { |
| 18 | return c.Next() |
| 19 | } |
| 20 | |
| 21 | // Set headers |
| 22 | if cfg.XSSProtection != "" { |
| 23 | c.Set(fiber.HeaderXXSSProtection, cfg.XSSProtection) |
| 24 | } |
| 25 | |
| 26 | if cfg.ContentTypeNosniff != "" { |
| 27 | c.Set(fiber.HeaderXContentTypeOptions, cfg.ContentTypeNosniff) |
| 28 | } |
| 29 | |
| 30 | if cfg.XFrameOptions != "" { |
| 31 | c.Set(fiber.HeaderXFrameOptions, cfg.XFrameOptions) |
| 32 | } |
| 33 | |
| 34 | if cfg.CrossOriginEmbedderPolicy != "" { |
| 35 | c.Set("Cross-Origin-Embedder-Policy", cfg.CrossOriginEmbedderPolicy) |
| 36 | } |
| 37 | |
| 38 | if cfg.CrossOriginOpenerPolicy != "" { |
| 39 | c.Set("Cross-Origin-Opener-Policy", cfg.CrossOriginOpenerPolicy) |
| 40 | } |
| 41 | |
| 42 | if cfg.CrossOriginResourcePolicy != "" { |
| 43 | c.Set("Cross-Origin-Resource-Policy", cfg.CrossOriginResourcePolicy) |
| 44 | } |
| 45 | |
| 46 | if cfg.OriginAgentCluster != "" { |
| 47 | c.Set("Origin-Agent-Cluster", cfg.OriginAgentCluster) |
| 48 | } |
| 49 | |
| 50 | if cfg.ReferrerPolicy != "" { |
| 51 | c.Set("Referrer-Policy", cfg.ReferrerPolicy) |
| 52 | } |
| 53 | |
| 54 | if cfg.XDNSPrefetchControl != "" { |
| 55 | c.Set("X-DNS-Prefetch-Control", cfg.XDNSPrefetchControl) |
| 56 | } |
| 57 | |
| 58 | if cfg.XDownloadOptions != "" { |
| 59 | c.Set("X-Download-Options", cfg.XDownloadOptions) |
| 60 | } |
| 61 | |
| 62 | if cfg.XPermittedCrossDomain != "" { |
| 63 | c.Set("X-Permitted-Cross-Domain-Policies", cfg.XPermittedCrossDomain) |
| 64 | } |
| 65 | |
| 66 | // Handle HSTS headers |
| 67 | if c.Secure() && cfg.HSTSMaxAge > 0 { |