strojure.ring-lib.middleware.csp

Ring middleware to add a [CSP] header to the response.

[CSP]: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

wrap-csp

(wrap-csp handler {:keys [policy report-only random-nonce-fn]})

Adds a CSP header to the Ring response. If the header uses a nonce, the `:csp-nonce` key is added to the Ring request so that the nonce can be used in the response body.

Configuration params:

- `:policy` – a map of directive names (string, keyword) to directive values (string, keyword, collection of strings and keywords)
    + The `:nonce` keyword in directive values represents the nonce placeholder.

- `:report-only` – optional boolean flag; when set, the report-only CSP header name is used.

- `:random-nonce-fn` – optional 0-arity function that generates the nonce for every request.

Static header example:

    (def -handler (-> (fn [_] {}) (wrap-csp {:policy {:default-src :none}})))

    (-handler {})
    :=> {:headers {"Content-Security-Policy" "default-src 'none'"}}

Example header with nonce:

    (def -handler (-> (fn [_] {}) (wrap-csp {:policy {:script-src :nonce}})))

    (-handler {})
    :=> {:headers {"Content-Security-Policy" "script-src 'nonce-k6JADK2qxoFO4bfKnZI0vyZv'"}}
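
An added usage example, not taken from the library's documentation: a handler that reads `:csp-nonce` from the request and places it on an inline script, combined with a custom `:random-nonce-fn`. The `example.csp-nonce` namespace and the names `random-nonce`, `page-handler` and `app` are hypothetical, and it is an assumption that the nonce function is expected to return a string.

```clojure
(ns example.csp-nonce
  (:require [strojure.ring-lib.middleware.csp :as csp])
  (:import (java.security SecureRandom)
           (java.util Base64)))

;; Hypothetical generator for :random-nonce-fn.
;; Assumption: the middleware expects the 0-arity fn to return a string.
(def ^:private ^SecureRandom rng (SecureRandom.))

(defn random-nonce
  "Returns 18 bytes from a CSPRNG, URL-safe Base64 encoded without padding."
  []
  (let [buf (byte-array 18)]
    (.nextBytes rng buf)
    (.encodeToString (.withoutPadding (Base64/getUrlEncoder)) buf)))

(defn page-handler
  "Reads the per-request nonce that wrap-csp stores under :csp-nonce and
  sets it as the nonce attribute of the inline script."
  [request]
  (let [nonce (:csp-nonce request)]
    {:status  200
     :headers {"Content-Type" "text/html; charset=utf-8"}
     :body    (str "<!DOCTYPE html><html><body>"
                   "<script nonce=\"" nonce "\">"
                   "document.title = 'nonce ok';"
                   "</script></body></html>")}))

(def app
  (csp/wrap-csp page-handler
                {:policy          {:default-src :none
                                   :script-src  :nonce}
                 :random-nonce-fn random-nonce}))

(comment
  ;; Constructed request map. Compare the nonce in the header value with
  ;; the nonce attribute in the body; both come from the same request.
  (let [resp (app {:request-method :get :uri "/"})]
    [(get-in resp [:headers "Content-Security-Policy"])
     (:body resp)]))
```

A nonce only protects the page if it is fresh for each response, so responses that embed it should not be served from a shared cache.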