yesod-csp-0.2.1.0: Add CSP headers to Yesod apps

Safe HaskellNone
LanguageHaskell2010

Yesod.Csp

Description

Add CSP headers to Yesod apps. This helps reduce the risk of exposure to XSS and bad assets.

Synopsis

Documentation

cspPolicy :: MonadHandler m => DirectiveList -> m () Source #

Adds a Content-Security-Policy header to your response.

getExample1R :: Handler Html
getExample1R = do
  -- only allow scripts from my website
  cspPolicy [ScriptSrc (Self :| [])]
  defaultLayout $ do
    addScriptRemote "http://httpbin.org/i_am_external"
    [whamlet|hello|]

getCspPolicy :: DirectiveList -> Text Source #

Returns a generated Content-Security-Policy header.

data EscapedURI Source #

Instances

Eq EscapedURI Source # 
Data EscapedURI Source # 

Methods

gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> EscapedURI -> c EscapedURI #

gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c EscapedURI #

toConstr :: EscapedURI -> Constr #

dataTypeOf :: EscapedURI -> DataType #

dataCast1 :: Typeable (* -> *) t => (forall d. Data d => c (t d)) -> Maybe (c EscapedURI) #

dataCast2 :: Typeable (* -> * -> *) t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c EscapedURI) #

gmapT :: (forall b. Data b => b -> b) -> EscapedURI -> EscapedURI #

gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> EscapedURI -> r #

gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> EscapedURI -> r #

gmapQ :: (forall d. Data d => d -> u) -> EscapedURI -> [u] #

gmapQi :: Int -> (forall d. Data d => d -> u) -> EscapedURI -> u #

gmapM :: Monad m => (forall d. Data d => d -> m d) -> EscapedURI -> m EscapedURI #

gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> EscapedURI -> m EscapedURI #

gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> EscapedURI -> m EscapedURI #

Show EscapedURI Source # 

escapeAndParseURI :: Text -> Maybe EscapedURI Source #

Escapes ';' '\'' and ' ', and parses to URI

escapedTextForNonce :: String -> EscapedText Source #

Escapes Text to be a valid nonce value

nonce :: Text -> Source Source #

Escapes a Text value, returning a valid Nonce

type DirectiveList = [Directive] Source #

A list of restrictions to apply.

data Directive Source #

A restriction on how assets can be loaded. For example ImgSrc concerns where images may be loaded from.

Instances

Eq Directive Source # 
Data Directive Source # 

Methods

gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> Directive -> c Directive #

gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c Directive #

toConstr :: Directive -> Constr #

dataTypeOf :: Directive -> DataType #

dataCast1 :: Typeable (* -> *) t => (forall d. Data d => c (t d)) -> Maybe (c Directive) #

dataCast2 :: Typeable (* -> * -> *) t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c Directive) #

gmapT :: (forall b. Data b => b -> b) -> Directive -> Directive #

gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> Directive -> r #

gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> Directive -> r #

gmapQ :: (forall d. Data d => d -> u) -> Directive -> [u] #

gmapQi :: Int -> (forall d. Data d => d -> u) -> Directive -> u #

gmapM :: Monad m => (forall d. Data d => d -> m d) -> Directive -> m Directive #

gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> Directive -> m Directive #

gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> Directive -> m Directive #

Show Directive Source # 

type SourceList = NonEmpty Source Source #

A list of allowed sources for a directive.

data Source Source #

Represents a location from which assets may be loaded.

Instances

Eq Source Source # 

Methods

(==) :: Source -> Source -> Bool #

(/=) :: Source -> Source -> Bool #

Data Source Source # 

Methods

gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> Source -> c Source #

gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c Source #

toConstr :: Source -> Constr #

dataTypeOf :: Source -> DataType #

dataCast1 :: Typeable (* -> *) t => (forall d. Data d => c (t d)) -> Maybe (c Source) #

dataCast2 :: Typeable (* -> * -> *) t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c Source) #

gmapT :: (forall b. Data b => b -> b) -> Source -> Source #

gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> Source -> r #

gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> Source -> r #

gmapQ :: (forall d. Data d => d -> u) -> Source -> [u] #

gmapQi :: Int -> (forall d. Data d => d -> u) -> Source -> u #

gmapM :: Monad m => (forall d. Data d => d -> m d) -> Source -> m Source #

gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> Source -> m Source #

gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> Source -> m Source #

Show Source Source # 

data SandboxOptions Source #

Configuration options for the sandbox.

Instances

Eq SandboxOptions Source # 
Data SandboxOptions Source # 

Methods

gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> SandboxOptions -> c SandboxOptions #

gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c SandboxOptions #

toConstr :: SandboxOptions -> Constr #

dataTypeOf :: SandboxOptions -> DataType #

dataCast1 :: Typeable (* -> *) t => (forall d. Data d => c (t d)) -> Maybe (c SandboxOptions) #

dataCast2 :: Typeable (* -> * -> *) t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c SandboxOptions) #

gmapT :: (forall b. Data b => b -> b) -> SandboxOptions -> SandboxOptions #

gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> SandboxOptions -> r #

gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> SandboxOptions -> r #

gmapQ :: (forall d. Data d => d -> u) -> SandboxOptions -> [u] #

gmapQi :: Int -> (forall d. Data d => d -> u) -> SandboxOptions -> u #

gmapM :: Monad m => (forall d. Data d => d -> m d) -> SandboxOptions -> m SandboxOptions #

gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> SandboxOptions -> m SandboxOptions #

gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> SandboxOptions -> m SandboxOptions #

Show SandboxOptions Source #