ContentSecurityPolicy.ContentSecurityPolicy
— ModuleContentSecurityPolicy.jl is library for working with Content Security Policy headers
Content-Security-Policy: default-src 'self'; script-src https://example.com
is the same as:
Content-Security-Policy: connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src https://example.com; style-src 'self'; worker-src 'self'
ContentSecurityPolicy.DirectiveTypes
— Typeconst DirectiveTypes
- Nothing: Directive will be absent from policy
- Empty Tuple or Set: Absent from header or only key is added to header
- True: only key is added to policy header
ContentSecurityPolicy.compile
— Methodcompile(policy::Policy)::String
ContentSecurityPolicy.http
— Methodhttp(::Policy; except, kwargs...)::OrderedDict
Build a Dict
with keys matching CSP directive names, as used in http requests
Automatically ignores properties for which values are empty, false or nothing.
Dict values are the string representation of their value in the policy instance
ContentSecurityPolicy.nonce!
— Methodfunction none!(policy, directive::String)
Creates a nonce
, applies it to policy[directive] and returns the nonce