Safe Haskell | None |
---|---|
Language | Haskell2010 |
Add CSP headers to Yesod apps. This helps reduce the risk of exposure to XSS and bad assets.
- cspPolicy :: MonadHandler m => DirectiveList -> m ()
- getCspPolicy :: DirectiveList -> Text
- type DirectiveList = [Directive]
- data Directive
- type SourceList = NonEmpty Source
- data Source
- = Wildcard
- | None
- | Self
- | DataScheme
- | Host URI
- | Https
- | UnsafeInline
- | UnsafeEval
- data SandboxOptions
Documentation
cspPolicy :: MonadHandler m => DirectiveList -> m ()
Adds a Content-Security-Policy header to your response.
```haskell
getExample1R :: Handler Html
getExample1R = do
  -- only allow scripts from my website
  cspPolicy [ScriptSrc (Self :| [])]
  defaultLayout $ do
    -- external script: a CSP-enforcing browser refuses to load it under the policy above
    addScriptRemote "http://httpbin.org/i_am_external"
    [whamlet|hello|]
```
getCspPolicy :: DirectiveList -> Text
Returns a generated Content-Security-Policy header.
type DirectiveList = [Directive]
A list of restrictions to apply.
data Directive
A restriction on how assets can be loaded. For example, ImgSrc concerns where images may be loaded from.
Constructor | Description |
---|---|
DefaultSrc SourceList | |
ScriptSrc SourceList | |
StyleSrc SourceList | |
ImgSrc SourceList | |
ConnectSrc SourceList | |
FontSrc SourceList | |
ObjectSrc SourceList | |
MediaSrc SourceList | |
FrameSrc SourceList | |
Sandbox [SandboxOptions] | Applies a sandbox to the result. See here for more info. |
ReportUri URI | |
type SourceList = NonEmpty Source
A list of allowed sources for a directive.
data Source
Represents a location from which assets may be loaded.
data SandboxOptions
Configuration options for the sandbox.
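An added example, not part of this library's documentation: a small lint over the `DirectiveList` type above that flags sources which undo the XSS protection for scripts, printed next to the header that `getCspPolicy` renders. The module name `Yesod.Csp`, the helper names (`weakSource`, `scriptSources`, `lintPolicy`) and the two sample policies are assumptions made for illustration.

```haskell
{-# LANGUAGE OverloadedStrings #-}
import Data.List.NonEmpty (NonEmpty (..), toList)
import Data.Text (Text)
import qualified Data.Text.IO as T
import Yesod.Csp -- assumed module name; the page does not state it

-- | Why a source weakens a directive that governs script loading.
weakSource :: Source -> Maybe Text
weakSource Wildcard     = Just "wildcard allows scripts from any origin"
weakSource UnsafeInline = Just "unsafe-inline re-enables inline script"
weakSource UnsafeEval   = Just "unsafe-eval re-enables eval-style execution"
weakSource DataScheme   = Just "data: URIs can carry script"
weakSource _            = Nothing

-- | The source lists that actually govern scripts: script-src when present,
-- otherwise the default-src fallback.
scriptSources :: DirectiveList -> [(Text, SourceList)]
scriptSources ds =
  case [s | ScriptSrc s <- ds] of
    [] -> [("default-src", s) | DefaultSrc s <- ds]
    ss -> [("script-src", s) | s <- ss]

-- | Findings for a whole policy; an empty list means nothing was flagged.
lintPolicy :: DirectiveList -> [Text]
lintPolicy ds =
  case scriptSources ds of
    []    -> ["no script-src or default-src: script loading is unrestricted"]
    lists -> [ name <> ": " <> why
             | (name, srcs) <- lists
             , Just why <- map weakSource (toList srcs) ]

-- Constructed sample policies (hypothetical, for illustration only).
strict, loose, imagesOnly :: DirectiveList
strict     = [DefaultSrc (None :| []), ScriptSrc (Self :| []), ImgSrc (Self :| [DataScheme])]
loose      = [ScriptSrc (Self :| [UnsafeInline, Wildcard])]
imagesOnly = [ImgSrc (Self :| [])]

main :: IO ()
main = mapM_ check [strict, loose, imagesOnly]
  where
    check policy = do
      T.putStrLn (getCspPolicy policy)
      mapM_ (T.putStrLn . ("  warning: " <>)) (lintPolicy policy)
```

The `DataScheme` entry in `strict` is not flagged because it sits in `ImgSrc`, and the explicit `ScriptSrc` overrides the `DefaultSrc` fallback for scripts.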