search

google / go-safeweb

Secure-by-default HTTP servers in Go.
Apache License 2.0
666 stars 62 forks source link

Find a way to make plugins cooperate #89

Open kele opened 4 years ago

kele commented 4 years ago

Problem

Some plugins need to cooperate. For instance: framing plugin needs to cooperate with a csp plugin, cors would usually disable xsrf.

Proposed solution

To avoid the extra complexity of facilitating plugins (their interceptors) cooperation during execution time, we want to introduce orchestrators (name TBD).

At mux startup time, orchestrators would add other plugins to the respective handlers. Example:

mux.Handler(..., framing.Orchestrate(framing.UseCSP, framing.UseXFO))

The framing package would depend on the csp and the xfo packages in order to install and/or amend their configuration to support safe iframing.

empijei commented 4 years ago

SGTM, should I provide some sample implementations?