Documentation
¶
Overview ¶
package csp implements a content-security-policy header generator
Index ¶
Examples ¶
Constants ¶
View Source
const ( // Allows content to be loaded from the current domain SourceSelf = "'self'" // Prevents any content of the specified type loading SourceNone = "'none'" // Disables the main protection offered by CSP SourceUnsafeInline = "'unsafe-inline'" )
See CSP standard at http://www.w3.org/TR/CSP/
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Opts ¶
type Opts struct {
ReportUri string // A relative path to POST CSP violations to
// Sources to allow content loading from.
DefaultSrc []string
ScriptSrc []string
ConnectSrc []string
FrameSrc []string
FontSrc []string
ImgSrc []string
MediaSrc []string
ObjectSrc []string
StyleSrc []string
}
Opts configures a Content-Security-Policy header
Example ¶
h := Opts{
DefaultSrc: []string{SourceNone},
ImgSrc: []string{SourceSelf, "https://example.org"},
StyleSrc: []string{SourceSelf},
ScriptSrc: []string{SourceSelf, SourceUnsafeInline},
ReportUri: "/csp_report",
}
fmt.Println(h.Header())
Output: default-src 'none' ; img-src 'self' https://example.org ; style-src 'self' ; script-src 'self' 'unsafe-inline' ; report-uri /csp_report
func (Opts) Header ¶
Formats for rendering as an http header. E.G. default-src 'self' ; script-src 'self' https://apis.google.com
Source Files
Click to show internal directories.
Click to hide internal directories.