@vishr vishr commented Sep 16, 2025

Summary

Improves code readability and maintainability of the secure middleware with better user guidance.

Changes:

  1. Refactor HSTS header construction - Replace nested fmt.Sprintf with slice building and strings.Join for clearer logic
  2. Add X-XSS-Protection deprecation notice - Document that CSP is recommended over the deprecated header
  3. Clean up imports - Remove unused fmt import

Benefits:

  • Cleaner, more maintainable HSTS directive building
  • Better user guidance about modern security practices
  • Improved code readability

Test plan

  • All existing tests pass
  • Linting passes
  • No behavioral changes to security headers

Fixes #2799

🤖 Generated with Claude Code

- Refactor HSTS header construction using slice and strings.Join
  for better readability instead of nested fmt.Sprintf
- Add deprecation notice for X-XSS-Protection header with CSP recommendation
- Remove unused fmt import

Improves code maintainability and provides better user guidance.

Fixes #2799

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <[email protected]>

@aldas aldas left a comment

I think all of these strings.Join(directives, "; ") calculations could be precalculated, between lines 109 and 110

```go
return func(next echo.HandlerFunc) echo.HandlerFunc {
	// here
	return func(c echo.Context) error {
```
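
The precalculation suggested in the review, as an added example written against net/http rather than Echo (it is not the PR's or the project's code; `HSTSConfig`, `hstsValue`, `HSTS` and `headerFor` are hypothetical names, and only direct TLS is checked here): the directives are joined once when the middleware is constructed, so the per-request closure only writes the header.

```go
package main
import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

type HSTSConfig struct { // hypothetical config type for this example
	MaxAge                     int // seconds; 0 disables the header
	ExcludeSubdomains, Preload bool
}

// hstsValue builds the header value from a slice of directives.
func hstsValue(cfg HSTSConfig) string {
	if cfg.MaxAge <= 0 {
		return ""
	}
	directives := []string{fmt.Sprintf("max-age=%d", cfg.MaxAge)}
	if !cfg.ExcludeSubdomains {
		directives = append(directives, "includeSubDomains")
	}
	if cfg.Preload {
		directives = append(directives, "preload")
	}
	return strings.Join(directives, "; ")
}

// HSTS joins the directives once, at construction, not on every request.
func HSTS(cfg HSTSConfig) func(http.Handler) http.Handler {
	value := hstsValue(cfg)
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			if value != "" && r.TLS != nil { // HSTS is only meaningful over HTTPS
				w.Header().Set("Strict-Transport-Security", value)
			}
			next.ServeHTTP(w, r)
		})
	}
}

func headerFor(cfg HSTSConfig, url string) string { // one constructed request
	rec := httptest.NewRecorder()
	HSTS(cfg)(http.NotFoundHandler()).ServeHTTP(rec, httptest.NewRequest("GET", url, nil))
	return rec.Header().Get("Strict-Transport-Security")
}
func main() {
	fmt.Println(headerFor(HSTSConfig{MaxAge: 31536000, Preload: true}, "https://example.com/"))
}
```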

Development

Successfully merging this pull request may close these issues.

Further improve readability and maintainability of middleware/secure.go