Difference between this package and github.com/unrolled/secure
Closed this issue · 1 comments
Just curious what the difference might be, both in terms of features and design, with the unrolled/secure package.
Thanks!
CSP Middleware.
CSP can be added as a standalone middleware for applications that require a dynamic nonce, letting go of all other middleware that would do just fine at a reverse proxy. It also gives an option to control the byte amount. This feature was added to unrolled/secure by me a couple of weeks ago too.
Apart from that, the API tries to be strongly typed where it can be, avoiding errors where it can.
And it's opinionated in nonce generation, which makes it faster, almost 90% on my machine*. This is mostly due to the use of a sync pool and not using crypto rand to generate the nonce, as in my opinion crypto rand is overkill for something as trivial as a CSP nonce.
It lacks the HTTPS/host redirect features of the unrolled/secure package.
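An added example, not code from this package or from unrolled/secure: a standalone CSP nonce middleware in the shape the reply describes, with a configurable byte amount and `sync.Pool` buffer reuse. It draws the bytes from `crypto/rand` rather than a non-cryptographic source, because CSP Level 3 asks for nonces of at least 128 bits from a cryptographically secure generator. The names `CSP`, `NewCSP`, `Nonce` and `Wrap` are assumptions made for this sketch.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"net/http"
	"sync"
)

// CSP is a hypothetical standalone nonce middleware; all names here are assumptions.
type CSP struct{ pool sync.Pool }

// NewCSP pools byteAmount-sized buffers, with a floor of 16 bytes (128 bits).
func NewCSP(byteAmount int) *CSP {
	if byteAmount < 16 {
		byteAmount = 16
	}
	return &CSP{pool: sync.Pool{New: func() interface{} {
		b := make([]byte, byteAmount)
		return &b
	}}}
}

// Nonce fills a pooled buffer from the OS CSPRNG and returns it base64-encoded.
func (c *CSP) Nonce() (string, error) {
	bp := c.pool.Get().(*[]byte)
	defer c.pool.Put(bp)
	if _, err := rand.Read(*bp); err != nil {
		return "", err
	}
	return base64.RawStdEncoding.EncodeToString(*bp), nil
}

// Wrap sets a fresh nonce in the CSP header and hands it to next for inline tags.
func (c *CSP) Wrap(next func(http.ResponseWriter, *http.Request, string)) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		n, err := c.Nonce()
		if err != nil { // fail closed rather than serve a predictable nonce
			http.Error(w, "internal error", http.StatusInternalServerError)
			return
		}
		w.Header().Set("Content-Security-Policy", "script-src 'nonce-"+n+"'")
		next(w, r, n)
	})
}

func main() {
	fmt.Println(NewCSP(16).Nonce()) // prints a fresh nonce and a nil error
}
```

The pool only recycles the scratch buffer; every call overwrites it with fresh random bytes before encoding, so no nonce is reused across responses.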