Documentation ¶
Index ¶
Constants ¶
const ( Self = "'self'" None = "'none'" Any = "*" CSPHeader = "Content-Security-Policy" DefaultSrc = "default-src" ScriptSrc = "script-src" ConnectSrc = "connect-src" ImgSrc = "img-src" FontSrc = "font-src" StyleSrc = "style-src" ReportURI = "report-uri" )
Helpful constants for CSP values
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CSP ¶
type CSP struct { *Config // contains filtered or unexported fields }
CSP is a http middleware that configures CSP in the response header of an http request
func (*CSP) HandlerFunc ¶
func (csp *CSP) HandlerFunc() http.HandlerFunc
HandlerFunc returns a function the http.HandlerFunc interface
func (*CSP) Middleware ¶
Middleware returns a function with the http.Handler interface and provides github.com/justinas/alice integration
func (*CSP) NegroniHandlerFunc ¶
func (csp *CSP) NegroniHandlerFunc() negroni.HandlerFunc
NegroniHandlerFunc returns a function with the negroni middleware interface
type Config ¶
type Config struct { WebSocket bool // enable dynamic websocket support in CSP Default string // default-src CSP policy Script string // script-src CSP policy Connect string // connect-src CSP policy Img string // img-src CSP policy Style string // style-src CSP policy Font string // font-src CSP policy ReportURI string // report-uri CSP violation reports URI IgnorePrefix []string // URL prefixes not to apply CSP too }
Config is Content Security Policy Configuration. If you do not define a policy string it will not be included in the policy output
func StarterConfig ¶
func StarterConfig() Config
StarterConfig is a reasonable default set of policies.
Content-Security-Policy: default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style: 'self';