Skip to content

add function Handler for convenience #14

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
kr merged 1 commit into from
Aug 6, 2018
Merged

add function Handler for convenience #14

kr merged 1 commit into from
Aug 6, 2018

Conversation

@kr
Copy link
Owner

@kr kr commented Aug 6, 2018
edited
Loading

This function signature makes it easier to do the most
common usage patterns I'm aware of, after several years
of seeing this package used in the wild.

http.Handle("/", secureheader.Handler(mux))
http.ListenAndServe(addr, nil)

and

http.Handle("/a", a)
http.Handle("/b", b)
http.ListenAndServe(addr, secureheader.Handler(nil))

and

var h http.Handler
h = mux
h = middleware3(h)
h = secureheader.Handler(h)
h = middleware1(h)
http.ListenAndServe(addr, h)

@kr
add function Handler for convenience
5b1e45d 
This function signature makes it easier to do the most
common usage patterns I'm aware of, after several years
of seeing this package used in the wild.

	http.Handle("/", secureheader.Handler(mux))

and

	http.Handle("/a", a)
	http.Handle("/b", b)
	http.ListenAndServe(addr, secureheader.Handler(nil))

and

	var h http.Handler
	h = mux
	h = middleware3(h)
	h = secureheader.Handler(h)
	h = middleware1(h)
	http.ListenAndServe(addr, h)
@kr
Copy link
Owner Author

kr commented Aug 6, 2018

PTAL

croaky
croaky approved these changes Aug 6, 2018
View reviewed changes
Copy link

@croaky croaky left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

example_test.go
secureheader.DefaultConfig.HSTSIncludeSubdomains = false
secureheader.DefaultConfig.FrameOptions = false
http.ListenAndServe(":80", secureheader.DefaultConfig)
h := secureheader.Handler(http.DefaultServeMux)
Copy link

@croaky croaky Aug 6, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Articles like this mention http.DefaultServeMux as a potential security gotcha. Would it be better to use something else here in the context of a security-focused library?

Copy link
Owner Author

@kr kr Aug 6, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah maybe. For the purpose of this PR, I just wanted to update the form of the examples, but not change their behavior. Opened #15 to track this.

ryansmith3136
ryansmith3136 approved these changes Aug 6, 2018
View reviewed changes
Copy link

@ryansmith3136 ryansmith3136 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛋 comfy.
lgtm

@kr kr mentioned this pull request Aug 6, 2018
Open
@kr kr merged commit 9ede934 into main Aug 6, 2018
@kr kr deleted the handler branch August 6, 2018 20:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@croaky croaky croaky approved these changes

@ryansmith3136 ryansmith3136 ryansmith3136 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@kr @croaky @ryansmith3136