
strojure.undertow.handler.csp

The HttpHandler that adds the CSP header to the response.

CSP: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

csp-handler (clj)

(csp-handler next-handler
             {:keys [policy report-only random-nonce-fn report-callback]})

Adds the CSP header to the ring response. If the header uses a nonce, the nonce value is attached to the exchange and is accessible using get-request-nonce.

Configuration map keys:

  • :policy – a map of directive names (string, keyword) to directive values (string, keyword, collection of strings and keywords).

    • The :nonce keyword in directive values represents the nonce placeholder.

  • :report-only – optional boolean flag indicating that the report-only CSP header name should be used.

  • :random-nonce-fn – optional 0-arity function that generates the nonce for every request.

  • :report-callback – a function (fn callback [exchange] ...) to handle the report-uri directive.

    • When present, the handler is wrapped with report-uri-handler.
    • If the policy map does not have a report-uri directive, it is added with the default value "/csp-report".
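
The sketch below is an added illustration, not strojure.undertow's own code: it shows how a policy map with the :nonce placeholder can be rendered into a per-request header name and value. The names random-nonce, render-policy and csp-header, and the rule that strings and keywords are emitted by name, are assumptions made for this example.

```clojure
(ns example.csp-render
  (:require [clojure.string :as str])
  (:import (java.security SecureRandom)
           (java.util Base64)))

;; Hypothetical stand-in for :random-nonce-fn: 0-arity, 128 bits from a CSPRNG.
(defn random-nonce []
  (let [bs (byte-array 16)]
    (.nextBytes (SecureRandom.) bs)
    (.encodeToString (Base64/getEncoder) bs)))

;; Assumption: strings and keywords are emitted by name; the :nonce
;; placeholder becomes the CSP source expression 'nonce-<value>'.
(defn- render-value [v nonce]
  (cond
    (= :nonce v) (str "'nonce-" nonce "'")
    (coll? v)    (str/join " " (map #(render-value % nonce) v))
    :else        (name v)))

(defn render-policy
  "Renders a policy map into a CSP header value for one request."
  [policy nonce]
  (->> policy
       (map (fn [[k v]] (str (name k) " " (render-value v nonce))))
       (str/join "; ")))

(defn csp-header
  "Returns [header-name header-value] for the options and the request's nonce."
  [{:keys [policy report-only report-callback]} nonce]
  (let [has-uri? (some #(contains? policy %) [:report-uri "report-uri"])
        policy   (cond-> policy
                   ;; Documented default when a callback is configured.
                   (and report-callback (not has-uri?))
                   (assoc :report-uri "/csp-report"))]
    [(if report-only
       "Content-Security-Policy-Report-Only"
       "Content-Security-Policy")
     (render-policy policy nonce)]))

(comment
  ;; Constructed sample options; draw a new nonce for every request.
  (csp-header {:policy {:default-src "'none'"
                        :script-src  [:nonce "'strict-dynamic'"]}
               :report-only true
               :report-callback (fn [_exchange] nil)}
              (random-nonce)))
```

With the library itself, the nonce placed in the header for a request is the one get-request-nonce returns for that exchange, so the same value can be written into the nonce attribute of the page's script tags.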

get-request-nonce (clj)

(get-request-nonce exchange)

Returns the CSP nonce attached by the csp-handler.

nonce-attachment-key (clj)

The AttachmentKey for the generated unique CSP nonce in the exchange.

report-uri-default (clj)

Default value of the CSP report URI.

report-uri-handler (clj)

(report-uri-handler next-handler {:keys [report-callback report-uri]})

Handles the CSP report URI and invokes the :report-callback function with the HttpServerExchange as argument. Responds with HTTP 200. Used by csp-handler when the :report-callback option is defined.

Configuration map keys:

  • :report-callback – a function (fn callback [exchange] ...).

    • Required.
    • Invoked when the request URI equals :report-uri.
    • The return value is ignored.

  • :report-uri – a string with the request :uri to match.

    • The exact value is matched.
    • Default value is "/csp-report".
