Mode:
Duration:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
package main
import (
"fmt"
"net/http"
)
func securityMiddleware(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// Security Headers
w.Header().Set("X-Content-Type-Options", "nosniff")
w.Header().Set("X-Frame-Options", "DENY")
w.Header().Set("Content-Security-Policy", "default-src 'self'")
// CORS Example
w.Header().Set("Access-Control-Allow-Origin", "https://example.com")
next.ServeHTTP(w, r)
})
}
func userHandler(w http.ResponseWriter, r *http.Request) {
// SQL Injection Prevention:
// Use prepared statements instead of string concatenation
query := "SELECT * FROM users WHERE id = ?"
fmt.Fprintln(w, "Safe Query:", query)
fmt.Fprintln(w, "XSS protection enabled")
fmt.Fprintln(w, "CSRF validation enabled")
}
func main() {
handler := securityMiddleware(http.HandlerFunc(userHandler))
http.Handle("/users", handler)
fmt.Println("Secure API running on :8080")
http.ListenAndServe(":8080", nil)
}Coding works best on desktop or with an external keyboard.