Go-Safeweb


Secure-by-default HTTP servers in Go (google/go-safeweb on GitHub).

Focusing solely on security allows us to maintain high compatibility with the standard library and makes adoption easier.

- XSS (cross-site scripting) and XSSI (cross-site script inclusion): e.g. by controlling how responses are generated
- XSRF (cross-site request forgery): e.g. by using Fetch Metadata policies, supporting token-based XSRF protection
- CORS (cross-origin resource sharing): e.g. by taking control of CORS response headers and handling CORS preflight requests
- CSP (content security policy): e.g. by automatically adding script nonces to HTML responses, adding relevant security headers
- Transport Security: e.g. by enforcing HSTS support
- IFraming: e.g. by setting relevant HTTP headers to restrict framing or providing server-side support for origin selection
- Auth (access control): e.g. by providing infrastructure for plugging in access control logic in a uniform, auditable way
- HTTP Request Parsing Bugs: e.g. by implementing strict and well-documented parsing behavior
- Error responses: e.g. by providing infrastructure for uniform error handling (e.g. to prevent accidental leaks or XSS from error responses)
- Enforcement of other security-specific HTTP headers

Imagine now that at some point, security standards need to be increased and user = "frombulator" has been determined to not meet the desired bar.
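The XSRF item in the list above mentions Fetch Metadata policies. As an added example (standard-library Go, not go-safeweb's own code or API), this middleware applies a resource isolation policy to each request; the names `allowedByFetchMetadata`, `FetchMetadata` and `statusFor`, the `/transfer` path and the choice to let through requests that carry no Fetch Metadata headers are assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// allowedByFetchMetadata decides whether a request passes the isolation policy.
func allowedByFetchMetadata(r *http.Request) bool {
	switch r.Header.Get("Sec-Fetch-Site") {
	case "", "same-origin", "none":
		// "" means the client sent no Fetch Metadata. Assumption: allow it and
		// rely on token-based XSRF protection for such clients.
		return true
	}
	// same-site or cross-site: only plain top-level GET navigations pass,
	// so links to the site keep working but forged POSTs and embeds do not.
	if r.Method == http.MethodGet && r.Header.Get("Sec-Fetch-Mode") == "navigate" {
		dest := r.Header.Get("Sec-Fetch-Dest")
		return dest != "object" && dest != "embed"
	}
	return false
}

// FetchMetadata wraps next and rejects requests that fail the policy with 403.
func FetchMetadata(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !allowedByFetchMetadata(r) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor sends one constructed request through the middleware, returns the status.
func statusFor(method, site, mode, dest string) int {
	r := httptest.NewRequest(method, "/transfer", nil) // hypothetical endpoint
	hdrs := map[string]string{"Sec-Fetch-Site": site, "Sec-Fetch-Mode": mode, "Sec-Fetch-Dest": dest}
	for k, v := range hdrs {
		if v != "" {
			r.Header.Set(k, v)
		}
	}
	w := httptest.NewRecorder()
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	FetchMetadata(ok).ServeHTTP(w, r)
	return w.Code
}

func main() { fmt.Println(statusFor("POST", "cross-site", "cors", "empty")) }
```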
