Copyright | Will Thompson Iñaki García Etxebarria and Jonas Platte |
---|---|
License | LGPL-2.1 |
Maintainer | Iñaki García Etxebarria |
Safe Haskell | Safe-Inferred |
Language | Haskell2010 |
A HSTSEnforcer
stores HSTS policies and enforces them when
required. HSTSEnforcer
implements SessionFeature
, so you
can add an HSTS enforcer to a session with
sessionAddFeature
or sessionAddFeatureByType
.
HSTSEnforcer
keeps track of all the HTTPS destinations that,
when connected to, return the Strict-Transport-Security header with
valid values. HSTSEnforcer
will forget those destinations
upon expiry or when the server requests it.
When the Session
the HSTSEnforcer
is attached to queues
or restarts a message, the HSTSEnforcer
will rewrite the URI
to HTTPS if the destination is a known HSTS host and is contacted
over an insecure transport protocol (HTTP). Users of
HSTSEnforcer
are advised to listen to changes in
SoupMessage:uri in order to be aware of changes in the message URI.
Note that HSTSEnforcer
does not support any form of long-term
HSTS policy persistence. See SoupHSTSDBEnforcer
for a persistent
enforcer.
Synopsis
- newtype HSTSEnforcer = HSTSEnforcer (ManagedPtr HSTSEnforcer)
- class (GObject o, IsDescendantOf HSTSEnforcer o) => IsHSTSEnforcer o
- toHSTSEnforcer :: (MonadIO m, IsHSTSEnforcer o) => o -> m HSTSEnforcer
- hSTSEnforcerGetDomains :: (HasCallStack, MonadIO m, IsHSTSEnforcer a) => a -> Bool -> m [Text]
- hSTSEnforcerGetPolicies :: (HasCallStack, MonadIO m, IsHSTSEnforcer a) => a -> Bool -> m [HSTSPolicy]
- hSTSEnforcerHasValidPolicy :: (HasCallStack, MonadIO m, IsHSTSEnforcer a) => a -> Text -> m Bool
- hSTSEnforcerIsPersistent :: (HasCallStack, MonadIO m, IsHSTSEnforcer a) => a -> m Bool
- hSTSEnforcerNew :: (HasCallStack, MonadIO m) => m HSTSEnforcer
- hSTSEnforcerSetPolicy :: (HasCallStack, MonadIO m, IsHSTSEnforcer a) => a -> HSTSPolicy -> m ()
- hSTSEnforcerSetSessionPolicy :: (HasCallStack, MonadIO m, IsHSTSEnforcer a) => a -> Text -> Bool -> m ()
- type C_HSTSEnforcerChangedCallback = Ptr () -> Ptr HSTSPolicy -> Ptr HSTSPolicy -> Ptr () -> IO ()
- type HSTSEnforcerChangedCallback = HSTSPolicy -> HSTSPolicy -> IO ()
- afterHSTSEnforcerChanged :: (IsHSTSEnforcer a, MonadIO m) => a -> HSTSEnforcerChangedCallback -> m SignalHandlerId
- genClosure_HSTSEnforcerChanged :: MonadIO m => HSTSEnforcerChangedCallback -> m (GClosure C_HSTSEnforcerChangedCallback)
- mk_HSTSEnforcerChangedCallback :: C_HSTSEnforcerChangedCallback -> IO (FunPtr C_HSTSEnforcerChangedCallback)
- noHSTSEnforcerChangedCallback :: Maybe HSTSEnforcerChangedCallback
- onHSTSEnforcerChanged :: (IsHSTSEnforcer a, MonadIO m) => a -> HSTSEnforcerChangedCallback -> m SignalHandlerId
- wrap_HSTSEnforcerChangedCallback :: HSTSEnforcerChangedCallback -> C_HSTSEnforcerChangedCallback
- type C_HSTSEnforcerHstsEnforcedCallback = Ptr () -> Ptr Message -> Ptr () -> IO ()
- type HSTSEnforcerHstsEnforcedCallback = Message -> IO ()
- afterHSTSEnforcerHstsEnforced :: (IsHSTSEnforcer a, MonadIO m) => a -> HSTSEnforcerHstsEnforcedCallback -> m SignalHandlerId
- genClosure_HSTSEnforcerHstsEnforced :: MonadIO m => HSTSEnforcerHstsEnforcedCallback -> m (GClosure C_HSTSEnforcerHstsEnforcedCallback)
- mk_HSTSEnforcerHstsEnforcedCallback :: C_HSTSEnforcerHstsEnforcedCallback -> IO (FunPtr C_HSTSEnforcerHstsEnforcedCallback)
- noHSTSEnforcerHstsEnforcedCallback :: Maybe HSTSEnforcerHstsEnforcedCallback
- onHSTSEnforcerHstsEnforced :: (IsHSTSEnforcer a, MonadIO m) => a -> HSTSEnforcerHstsEnforcedCallback -> m SignalHandlerId
- wrap_HSTSEnforcerHstsEnforcedCallback :: HSTSEnforcerHstsEnforcedCallback -> C_HSTSEnforcerHstsEnforcedCallback
Exported types
newtype HSTSEnforcer Source #
Memory-managed wrapper type.
HSTSEnforcer (ManagedPtr HSTSEnforcer) |
Instances
Eq HSTSEnforcer Source # | |
Defined in GI.Soup.Objects.HSTSEnforcer (==) :: HSTSEnforcer -> HSTSEnforcer -> Bool # (/=) :: HSTSEnforcer -> HSTSEnforcer -> Bool # | |
GObject HSTSEnforcer Source # | |
Defined in GI.Soup.Objects.HSTSEnforcer | |
ManagedPtrNewtype HSTSEnforcer Source # | |
Defined in GI.Soup.Objects.HSTSEnforcer toManagedPtr :: HSTSEnforcer -> ManagedPtr HSTSEnforcer | |
TypedObject HSTSEnforcer Source # | |
Defined in GI.Soup.Objects.HSTSEnforcer | |
HasParentTypes HSTSEnforcer Source # | |
Defined in GI.Soup.Objects.HSTSEnforcer | |
IsGValue (Maybe HSTSEnforcer) Source # | Convert |
Defined in GI.Soup.Objects.HSTSEnforcer gvalueGType_ :: IO GType gvalueSet_ :: Ptr GValue -> Maybe HSTSEnforcer -> IO () gvalueGet_ :: Ptr GValue -> IO (Maybe HSTSEnforcer) | |
type ParentTypes HSTSEnforcer Source # | |
Defined in GI.Soup.Objects.HSTSEnforcer |
class (GObject o, IsDescendantOf HSTSEnforcer o) => IsHSTSEnforcer o Source #
Type class for types which can be safely cast to HSTSEnforcer
, for instance with toHSTSEnforcer
.
Instances
(GObject o, IsDescendantOf HSTSEnforcer o) => IsHSTSEnforcer o Source # | |
Defined in GI.Soup.Objects.HSTSEnforcer |
toHSTSEnforcer :: (MonadIO m, IsHSTSEnforcer o) => o -> m HSTSEnforcer Source #
Cast to HSTSEnforcer
, for types for which this is known to be safe. For general casts, use castTo
.
Methods
Click to display all available methods, including inherited ones
Methods
addFeature, attach, bindProperty, bindPropertyFull, detach, forceFloating, freezeNotify, getv, hasFeature, hasValidPolicy, isFloating, isPersistent, notify, notifyByPspec, ref, refSink, removeFeature, runDispose, stealData, stealQdata, thawNotify, unref, watchClosure.
Getters
getData, getDomains, getPolicies, getProperty, getQdata.
Setters
setData, setDataFull, setPolicy, setProperty, setSessionPolicy.
getDomains
hSTSEnforcerGetDomains Source #
:: (HasCallStack, MonadIO m, IsHSTSEnforcer a) | |
=> a |
|
-> Bool |
|
-> m [Text] | Returns: a newly allocated
list of domains. Use |
Gets a list of domains for which there are policies in enforcer
.
Since: 2.68
getPolicies
hSTSEnforcerGetPolicies Source #
:: (HasCallStack, MonadIO m, IsHSTSEnforcer a) | |
=> a |
|
-> Bool |
|
-> m [HSTSPolicy] | Returns: a newly
allocated list of policies. Use |
Gets a list with the policies in enforcer
.
Since: 2.68
hasValidPolicy
hSTSEnforcerHasValidPolicy Source #
:: (HasCallStack, MonadIO m, IsHSTSEnforcer a) | |
=> a |
|
-> Text |
|
-> m Bool | Returns: |
Gets whether hstsEnforcer
has a currently valid policy for domain
.
Since: 2.68
isPersistent
hSTSEnforcerIsPersistent Source #
:: (HasCallStack, MonadIO m, IsHSTSEnforcer a) | |
=> a |
|
-> m Bool | Returns: |
Gets whether hstsEnforcer
stores policies persistenly.
Since: 2.68
new
:: (HasCallStack, MonadIO m) | |
=> m HSTSEnforcer | Returns: a new |
Creates a new HSTSEnforcer
. The base HSTSEnforcer
class
does not support persistent storage of HSTS policies, see
HSTSEnforcerDB
for that.
Since: 2.68
setPolicy
hSTSEnforcerSetPolicy Source #
:: (HasCallStack, MonadIO m, IsHSTSEnforcer a) | |
=> a |
|
-> HSTSPolicy |
|
-> m () |
Sets policy
to hstsEnforcer
. If policy
is expired, any
existing HSTS policy for its host will be removed instead. If a
policy existed for this host, it will be replaced. Otherwise, the
new policy will be inserted. If the policy is a session policy, that
is, one created with hSTSPolicyNewSessionPolicy
, the policy
will not expire and will be enforced during the lifetime of
hstsEnforcer
's Session
.
Since: 2.68
setSessionPolicy
hSTSEnforcerSetSessionPolicy Source #
:: (HasCallStack, MonadIO m, IsHSTSEnforcer a) | |
=> a |
|
-> Text |
|
-> Bool |
|
-> m () |
Sets a session policy for domain
. A session policy is a policy
that is permanent to the lifetime of hstsEnforcer
's Session
and doesn't expire.
Since: 2.68
Signals
changed
type C_HSTSEnforcerChangedCallback = Ptr () -> Ptr HSTSPolicy -> Ptr HSTSPolicy -> Ptr () -> IO () Source #
Type for the callback on the (unwrapped) C side.
type HSTSEnforcerChangedCallback Source #
= HSTSPolicy |
|
-> HSTSPolicy |
|
-> IO () |
Emitted when hstsEnforcer
changes. If a policy has been added,
newPolicy
will contain the newly-added policy and
oldPolicy
will be Nothing
. If a policy has been deleted,
oldPolicy
will contain the to-be-deleted policy and
newPolicy
will be Nothing
. If a policy has been changed,
oldPolicy
will contain its old value, and newPolicy
its
new value.
Note that you shouldn't modify the policies from a callback to this signal.
afterHSTSEnforcerChanged :: (IsHSTSEnforcer a, MonadIO m) => a -> HSTSEnforcerChangedCallback -> m SignalHandlerId Source #
Connect a signal handler for the changed signal, to be run after the default handler. When overloading is enabled, this is equivalent to
after
hSTSEnforcer #changed callback
genClosure_HSTSEnforcerChanged :: MonadIO m => HSTSEnforcerChangedCallback -> m (GClosure C_HSTSEnforcerChangedCallback) Source #
Wrap the callback into a GClosure
.
mk_HSTSEnforcerChangedCallback :: C_HSTSEnforcerChangedCallback -> IO (FunPtr C_HSTSEnforcerChangedCallback) Source #
Generate a function pointer callable from C code, from a C_HSTSEnforcerChangedCallback
.
noHSTSEnforcerChangedCallback :: Maybe HSTSEnforcerChangedCallback Source #
A convenience synonym for
.Nothing
:: Maybe
HSTSEnforcerChangedCallback
onHSTSEnforcerChanged :: (IsHSTSEnforcer a, MonadIO m) => a -> HSTSEnforcerChangedCallback -> m SignalHandlerId Source #
Connect a signal handler for the changed signal, to be run before the default handler. When overloading is enabled, this is equivalent to
on
hSTSEnforcer #changed callback
wrap_HSTSEnforcerChangedCallback :: HSTSEnforcerChangedCallback -> C_HSTSEnforcerChangedCallback Source #
Wrap a HSTSEnforcerChangedCallback
into a C_HSTSEnforcerChangedCallback
.
hstsEnforced
type C_HSTSEnforcerHstsEnforcedCallback = Ptr () -> Ptr Message -> Ptr () -> IO () Source #
Type for the callback on the (unwrapped) C side.
type HSTSEnforcerHstsEnforcedCallback Source #
Emitted when hstsEnforcer
has upgraded the protocol
for message
to HTTPS as a result of matching its domain with
a HSTS policy.
afterHSTSEnforcerHstsEnforced :: (IsHSTSEnforcer a, MonadIO m) => a -> HSTSEnforcerHstsEnforcedCallback -> m SignalHandlerId Source #
Connect a signal handler for the hstsEnforced signal, to be run after the default handler. When overloading is enabled, this is equivalent to
after
hSTSEnforcer #hstsEnforced callback
genClosure_HSTSEnforcerHstsEnforced :: MonadIO m => HSTSEnforcerHstsEnforcedCallback -> m (GClosure C_HSTSEnforcerHstsEnforcedCallback) Source #
Wrap the callback into a GClosure
.
mk_HSTSEnforcerHstsEnforcedCallback :: C_HSTSEnforcerHstsEnforcedCallback -> IO (FunPtr C_HSTSEnforcerHstsEnforcedCallback) Source #
Generate a function pointer callable from C code, from a C_HSTSEnforcerHstsEnforcedCallback
.
noHSTSEnforcerHstsEnforcedCallback :: Maybe HSTSEnforcerHstsEnforcedCallback Source #
A convenience synonym for
.Nothing
:: Maybe
HSTSEnforcerHstsEnforcedCallback
onHSTSEnforcerHstsEnforced :: (IsHSTSEnforcer a, MonadIO m) => a -> HSTSEnforcerHstsEnforcedCallback -> m SignalHandlerId Source #
Connect a signal handler for the hstsEnforced signal, to be run before the default handler. When overloading is enabled, this is equivalent to
on
hSTSEnforcer #hstsEnforced callback