A way to adopt Go Safe Web one handler at a time

google / go-safeweb

Secure-by-default HTTP servers in Go.

Apache License 2.0

1.43k stars 81 forks source link

A way to adopt Go Safe Web one handler at a time #287

Closed kele closed 3 years ago

kele commented 3 years ago

Added a RegisteredHandler function that retrieves the registered HTTP handler.

This allows for using safehttp.ServeMux alongside net/http.Handler.

Fixes #245.

mikue commented 3 years ago

I like this as well.

While we are back to calling Mux() which we wanted to try avoiding in #279, I didn't find a nice way to do so without having an ugly public API like in the example from #279. I dislike the duplicate Handle() calls, but I think the trade-off is okay in the end, because otherwise the public API gets more convoluted, so LGTM.