ContentSecurityPolicy.jl is a library for working with Content Security Policy headers.

Content-Security-Policy: default-src 'self'; script-src

is the same as:

Content-Security-Policy: connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src; style-src 'self'; worker-src 'self'
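
The equivalence above, worked through as an added example (standalone Julia, not ContentSecurityPolicy.jl's own code or API). The names parse_csp, expand_default, render and FALLBACK_DIRECTIVES are hypothetical, and the fallback list is limited to the directives shown in the expanded header above.

```julia
# Directives that inherit from default-src, in the order the page lists them (assumed list).
const FALLBACK_DIRECTIVES = ["connect-src", "font-src", "frame-src", "img-src",
    "manifest-src", "media-src", "object-src", "script-src", "style-src", "worker-src"]

# Parse a header value into ordered (directive => sources) pairs.
function parse_csp(value::AbstractString)
    policy = Pair{String,Vector{String}}[]
    seen = Set{String}()
    for part in split(value, ';')
        tokens = split(part)                      # whitespace split, empties dropped
        isempty(tokens) && continue
        name = lowercase(String(tokens[1]))
        name in seen && continue                  # a repeated directive is ignored
        push!(seen, name)
        push!(policy, name => String[String(t) for t in tokens[2:end]])
    end
    return policy
end

# Replace default-src by one explicit entry per fallback directive.
function expand_default(policy)
    explicit = Dict(policy)
    haskey(explicit, "default-src") || return policy
    default = explicit["default-src"]
    # A directive that is present keeps its own sources, even an empty list.
    expanded = [d => get(explicit, d, default) for d in FALLBACK_DIRECTIVES]
    # Directives outside the fallback list (e.g. frame-ancestors) pass through unchanged.
    others = [p for p in policy
              if first(p) != "default-src" && !(first(p) in FALLBACK_DIRECTIVES)]
    return vcat(expanded, others)
end

# Serialize back to a header value; a directive without sources is emitted as its key only.
render(policy) =
    join((isempty(s) ? n : string(n, " ", join(s, " ")) for (n, s) in policy), "; ")

short = "default-src 'self'; script-src"          # the page's short form
long = render(expand_default(parse_csp(short)))
println("Content-Security-Policy: ", long)

@assert long == "connect-src 'self'; font-src 'self'; frame-src 'self'; " *
    "img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'self'; " *
    "script-src; style-src 'self'; worker-src 'self'"
# With no default-src left, expanding again changes nothing.
@assert render(expand_default(parse_csp(long))) == long
```

The explicit script-src with no sources is kept as written instead of inheriting 'self', which is why it appears bare in the expanded header.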

Content-Security-Policy @ mdn

const DirectiveTypes
  • Nothing: Directive will be absent from policy
  • Empty Tuple or Set: Absent from header or only key is added to header
  • True: only key is added to policy header

http(::Policy; except, kwargs...)::OrderedDict

Build a Dict with keys matching CSP directive names, as used in HTTP requests.

Automatically ignores properties for which values are empty, false or nothing.

Dict values are the string representation of their value in the policy instance.

function none!(policy, directive::String)

Creates a nonce, applies it to policy[directive] and returns the nonce.