Safe Haskell | None |
---|---|
Language | Haskell2010 |
Add CSP headers to Yesod apps. This helps reduce the risk of exposure to XSS and bad assets.
- cspPolicy :: MonadHandler m => DirectiveList -> m ()
- getCspPolicy :: DirectiveList -> Text
- data EscapedURI
- escapeAndParseURI :: Text -> Maybe EscapedURI
- type DirectiveList = [Directive]
- data Directive
- type SourceList = NonEmpty Source
- data Source
- data SandboxOptions
Documentation
cspPolicy :: MonadHandler m => DirectiveList -> m ()
Adds a Content-Security-Policy header to your response.
```haskell
getExample1R :: Handler Html
getExample1R = do
  -- only allow scripts from my website
  cspPolicy [ScriptSrc (Self :| [])]
  defaultLayout $ do
    addScriptRemote "http://httpbin.org/i_am_external"
    [whamlet|hello|]
```
getCspPolicy :: DirectiveList -> Text
Returns a generated Content-Security-Policy header.
escapeAndParseURI :: Text -> Maybe EscapedURI
Escapes ';', '\'' and ' ', then parses the result to a URI.
type DirectiveList = [Directive]
A list of restrictions to apply.
data Directive
A restriction on how assets can be loaded. For example, ImgSrc concerns where images may be loaded from.
Constructor | Description |
---|---|
DefaultSrc SourceList | |
ScriptSrc SourceList | |
StyleSrc SourceList | |
ImgSrc SourceList | |
ConnectSrc SourceList | |
FontSrc SourceList | |
ObjectSrc SourceList | |
MediaSrc SourceList | |
FrameSrc SourceList | |
Sandbox [SandboxOptions] | Applies a sandbox to the result. See here for more info. |
ReportUri EscapedURI | |
type SourceList = NonEmpty Source
A list of allowed sources for a directive.
data Source
Represents a location from which assets may be loaded.
data SandboxOptions
Configuration options for the sandbox.
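
The following is an added example, not code from the package or its documentation: it composes a same-origin policy from the directives listed above, attaches a ReportUri only when escapeAndParseURI succeeds, and renders the result with getCspPolicy. It assumes the module is imported as Yesod.Csp; the names baseline, withReporting, reportEndpoint, policyText and applyPolicy are hypothetical, and the endpoint URL is a constructed placeholder.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module CspExample where

import Data.List.NonEmpty (NonEmpty (..))
import Data.Text (Text)
import Yesod.Core (MonadHandler)
import Yesod.Csp

-- | Same-origin baseline. DefaultSrc is the fallback for fetch directives
-- that are not listed; the explicit entries make the intent visible.
baseline :: DirectiveList
baseline =
  [ DefaultSrc (Self :| [])
  , ScriptSrc  (Self :| [])
  , StyleSrc   (Self :| [])
  , ImgSrc     (Self :| [])
  ]

-- | Append a report-uri directive when the endpoint parses.
-- escapeAndParseURI returns Nothing for input it cannot parse; in that
-- case the restrictions are kept and only reporting is dropped.
withReporting :: Text -> DirectiveList -> DirectiveList
withReporting endpoint ds =
  case escapeAndParseURI endpoint of
    Just uri -> ds ++ [ReportUri uri]
    Nothing  -> ds

-- | Constructed placeholder endpoint, not a real collector.
reportEndpoint :: Text
reportEndpoint = "https://csp-report.example.test/collect"

-- | The header value as text, useful for logging or a unit test.
policyText :: Text
policyText = getCspPolicy (withReporting reportEndpoint baseline)

-- | Call at the top of a handler, as cspPolicy is used in getExample1R.
applyPolicy :: MonadHandler m => m ()
applyPolicy = cspPolicy (withReporting reportEndpoint baseline)
```

Handling the Nothing case by returning the unmodified list keeps the asset restrictions in force even if the reporting endpoint is misconfigured.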