Documentation
¶
Index ¶
Constants ¶
View Source
const ( // None matches nothing (i.e. disable this media type) None = "'none'" // Self matches the current origin, but not its subdomains. Self = "'self'" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct {
// Default serves as a fallback for the other CSP fetch directives
Default []string
// Base restricts the URLs that can appear in a page’s <base> element
Base []string
// Child lists the URLs for workers and embedded frame contents.
Child []string
// Connect limits the origins to which you can connect (via XHR, WebSockets, and EventSource).
Connect []string
// Font specifies the origins that can serve web fonts.
Font []string
// Form lists valid endpoints for submission from `<form>` tags
Form []string
// Frame specifies the sources that can embed the current page.
Frame []string
// Image defines the origins from which images can be loaded.
Image []string
// Media restricts the origins allowed to deliver video and audio.
Media []string
// Object allows control over Flash and other plugins.
Object []string
// Plugin limits the kinds of plugins a page may invoke.
Plugin []string
// Script defines the origins from which scripts can be loaded.
Script []string
// Style defines the origins from which stylesheets can be loaded.
Style []string
// Report specifies a URL where a browser will send reports when a content security policy is violated.
Report string
// UpgradeInsecure instructs user agents to rewrite URL schemes, changing HTTP to HTTPS.
UpgradeInsecure bool
}
Config is the config for the CSP header Note: all config is optional Note: `None` and `Self` can be added to most of the settings in this struct
Source Files
Click to show internal directories.
Click to hide internal directories.