Documentation ¶
Index ¶
Constants ¶
View Source
const ( // None matches nothing (i.e. disable this media type) None = "'none'" // Self matches the current origin, but not its subdomains. Self = "'self'" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct { // Default serves as a fallback for the other CSP fetch directives Default []string // Base restricts the URLs that can appear in a page’s <base> element Base []string // Child lists the URLs for workers and embedded frame contents. Child []string // Connect limits the origins to which you can connect (via XHR, WebSockets, and EventSource). Connect []string // Font specifies the origins that can serve web fonts. Font []string // Form lists valid endpoints for submission from `<form>` tags Form []string // Frame specifies the sources that can embed the current page. Frame []string // Image defines the origins from which images can be loaded. Image []string // Media restricts the origins allowed to deliver video and audio. Media []string // Object allows control over Flash and other plugins. Object []string // Plugin limits the kinds of plugins a page may invoke. Plugin []string // Script defines the origins from which scripts can be loaded. Script []string // Style defines the origins from which stylesheets can be loaded. Style []string // Report specifies a URL where a browser will send reports when a content security policy is violated. Report string // UpgradeInsecure instructs user agents to rewrite URL schemes, changing HTTP to HTTPS. UpgradeInsecure bool }
Config is the config for the CSP header Note: all config is optional Note: `None` and `Self` can be added to most of the settings in this struct
Click to show internal directories.
Click to hide internal directories.