ContentSecurityPolicy

v1.0.3

ContentSecurityPolicy v1.0.3 ContentSecurityPolicy.Plug.AddSourceValue View Source

Plug which adds a source value to the given directive.

This plug must be run after the ContentSecurityPolicy.Setup plug, or it will raise an exception.

Example Usage

In a controller or router:

plug ContentSecurityPolicy.Setup
plug ContentSecurityPolicy.AddSourceValue, 
  script_src: "https://google.com"

When the response is sent to the browser, the "content-security-policy" response header will contain "script-src https://google.com" directive.

Multiple directives and source values can be provided in the same call.

plug ContentSecurityPolicy.AddSourceValue, 
  script_src: "'self'", 
  script_src: "https://google.com"

When the response is sent to the browser, the "content-security-policy" response header will contain "script-src 'self' https://google.com" directive.

The ContentSecurityPolicy.Plug.AddSourceValue plug is additive. It will never replace or remove old source values associated with a directive.

Link to this section Summary

Functions

call(conn, opts)
init(opts)

Link to this section Functions

Link to this function

call(conn, opts)

View Source
Link to this function

init(opts)

View Source