docs: refine secure.go configuration handling

- Add comments to the `Config` struct in `secure.go`
- Insert a new line in `secure_test.go` without additional content
- Remove an empty line from `secure_test.go`

Signed-off-by: Bo-Yi Wu <[email protected]>

policy.go

@@ -67,7 +67,7 @@ func (p *policy) loadConfig(config Config) {
 		if config.STSIncludeSubdomains {
 			stsSub = "; includeSubdomains"
 		}
-                if config.STSPreload {
+		if config.STSPreload {
 			stsSub = "; preload"
 		}
 		// TODO

secure.go

@@ -5,7 +5,7 @@ import "github.com/gin-gonic/gin"
 // Config is a struct for specifying configuration options for the secure.
 type Config struct {
 	// AllowedHosts is a list of fully qualified domain names that are allowed.
-	//Default is empty list, which allows any and all host names.
+	// Default is empty list, which allows any and all host names.
 	AllowedHosts []string
 	// If SSLRedirect is set to true, then only allow https requests.
 	// Default is false.
@@ -22,11 +22,11 @@ type Config struct {
 	// If STSIncludeSubdomains is set to true, the `includeSubdomains` will
 	// be appended to the Strict-Transport-Security header. Default is false.
 	STSIncludeSubdomains bool
-        // If STSPreload is set to true, the `; preload` will be appended to the
-        // Strict-Transport-Security header. Default is false.
-        // Note that removal is non-trivial and enabling this means you need to
-        // support https long-term. See https://hstspreload.org/ for more info.
-        STSPreload bool
+	// If STSPreload is set to true, the `; preload` will be appended to the
+	// Strict-Transport-Security header. Default is false.
+	// Note that removal is non-trivial and enabling this means you need to
+	// support https long-term. See https://hstspreload.org/ for more info.
+	STSPreload bool
 	// If FrameDeny is set to true, adds the X-Frame-Options header with
 	// the value of `DENY`. Default is false.
 	FrameDeny bool
@@ -64,15 +64,17 @@ type Config struct {
 
 // DefaultConfig returns a Configuration with strict security settings.
 // ```
-//		SSLRedirect:           true
-//		IsDevelopment:         false
-//		STSSeconds:            315360000
-//		STSIncludeSubdomains:  true
-//		FrameDeny:             true
-//		ContentTypeNosniff:    true
-//		BrowserXssFilter:      true
-//		ContentSecurityPolicy: "default-src 'self'"
-//		SSLProxyHeaders:       map[string]string{"X-Forwarded-Proto": "https"},
+//
+//	SSLRedirect:           true
+//	IsDevelopment:         false
+//	STSSeconds:            315360000
+//	STSIncludeSubdomains:  true
+//	FrameDeny:             true
+//	ContentTypeNosniff:    true
+//	BrowserXssFilter:      true
+//	ContentSecurityPolicy: "default-src 'self'"
+//	SSLProxyHeaders:       map[string]string{"X-Forwarded-Proto": "https"},
+//
 // ```
 func DefaultConfig() Config {
 	return Config{

secure_test.go

@@ -110,6 +110,7 @@ func TestBadMultipleAllowHosts(t *testing.T) {
 
 	assert.Equal(t, http.StatusForbidden, w.Code)
 }
+
 func TestAllowHostsInDevMode(t *testing.T) {
 	router := newServer(Config{
 		AllowedHosts:  []string{"www.example.com", "sub.example.com"},
@@ -122,7 +123,6 @@ func TestAllowHostsInDevMode(t *testing.T) {
 }
 
 func TestBadHostHandler(t *testing.T) {
-
 	badHandler := func(c *gin.Context) {
 		c.String(http.StatusInternalServerError, "BadHost")
 		c.Abort()
@@ -175,7 +175,7 @@ func TestBasicSSL(t *testing.T) {
 
 func TestDontRedirectIPV4Hostnames(t *testing.T) {
 	router := newServer(Config{
-		SSLRedirect: true,
+		SSLRedirect:               true,
 		DontRedirectIPV4Hostnames: true,
 	})