Search Results for "input-leap"

...Contrary to express-like frameworks, it doesn't employ middlewares. Instead, everything is handled in a linear way. Concepts closely related to websites (like cookies, CGI, form input, etc.) are directly supported by rouille. More general concepts (like database handling or templating) are not directly handled, as they are considered orthogonal to the microweb framework. However, rouille's design makes it easy to use in conjunction with any third-party library without the need for any glue code. The rouille library just ignores this optimization and focuses on providing an easy-to-use synchronous API instead, where each request is handled in its own dedicated thread.

...Instead of leaving headers and policies to ad-hoc middleware, it sets Content Security Policy, X-Frame-Options, and other protections by default, and centralizes template escaping rules. Request handling emphasizes principled APIs for parsing and validating input, reducing the risk of injection and deserialization bugs. The framework’s routing and response layers are designed to be explicit and auditable, making it clearer when unsafe behaviors are being opted into. It also offers utilities for CSRF protection, secure cookies, and safe resource embedding that work well with Go’s standard library. ...

SecureProxy is an proxy application which sits in front of a web server and enforces general security policies which prevent clients from accessing restricted portions of the website or providing dangerous or unauthorized input.