Download
go-safeweb is a security-focused HTTP framework for Go that bakes in secure defaults so common web vulnerabilities are harder to introduce. Instead of leaving headers and policies to ad-hoc middleware, it sets Content Security Policy, X-Frame-Options, and other protections by default, and centralizes template escaping rules. Request handling emphasizes principled APIs for parsing and validating input, reducing the risk of injection and deserialization bugs. The framework’s routing and response layers are designed to be explicit and auditable, making it clearer when unsafe behaviors are being opted into. It also offers utilities for CSRF protection, secure cookies, and safe resource embedding that work well with Go’s standard library. By turning security posture into a first-class concern, go-safeweb helps teams achieve defense-in-depth without scattering security logic across a codebase.
Features
- Secure-by-default headers and policies like CSP and XFO
- Built-in XSS-safe templating and output encoding helpers
- Explicit request parsing and validation utilities
- CSRF protection and hardened cookie/session handling
- Clear routing and response APIs with opt-in to risky features
- Plays nicely with the Go standard library and existing middleware
Project Samples
