strojure.undertow.handler.csp

Liking cljdoc? Tell your friends :D

Clojure only.

csp-handler
get-request-nonce
nonce-attachment-key
report-uri-default
report-uri-handler

The HttpHandler to add CSP header in response.

The HttpHandler to add [CSP] header in response.

[CSP]: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

raw docstring

csp-handler^clj

(csp-handler next-handler
             {:keys [policy report-only random-nonce-fn report-handler]})

Adds CSP header in ring response. If header uses nonce then nonce value is being attached to exchange and accessible using get-request-nonce.

Configuration map keys:

:policy – a map of directive names (string, keyword) and directive values (string, keyword, collection of strings and keywords)
- The :nonce keyword in directive values represents nonce placeholder
:report-only – optional boolean flag if report-only CSP header name should be used.
:random-nonce-fn – optional 0-arity function to generate nonce for every request.
::report-handler – a HttpHandler to handle report-uri directive.
- When presented then next-handler is wrapped with report-uri-handler.
- If policy map does not have report-uri directive then it is added with default value "/csp-report".

Adds [CSP] header in ring response. If header uses nonce then nonce value
is being attached to exchange and accessible using [[get-request-nonce]].

[CSP]: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

Configuration map keys:

- `:policy` – a map of directive names (string, keyword) and directive values
              (string, keyword, collection of strings and keywords)
    + The `:nonce` keyword in directive values represents nonce placeholder

- `:report-only` – optional boolean flag if report-only CSP header name should
                   be used.

- `:random-nonce-fn` – optional 0-arity function to generate nonce for every
                       request.

- `::report-handler` – a HttpHandler to handle `report-uri` directive.
    + When presented then `next-handler` is wrapped with [[report-uri-handler]].
    + If policy map does not have `report-uri` directive then it is added with
      default value "/csp-report".

source raw docstring

get-request-nonce^clj

(get-request-nonce exchange)

Returns CSP nonce attached by the csp-handler.

Returns CSP nonce attached by the [[csp-handler]].

source raw docstring

nonce-attachment-key^clj

The AttachmentKey for generated unique CSP nonce in exchange.

The `AttachmentKey` for generated unique CSP nonce in exchange.

source raw docstring

report-uri-default^clj

Default value of the CSP report URI.

Default value of the CSP report URI.

source raw docstring

report-uri-handler^clj

(report-uri-handler next-handler {:keys [report-uri report-handler]})

Handles CSP report URI with HttpHandler :report-handler. Used by csp-handler when :report-handler option is defined.

Configuration map keys:

:report-handler – the HttpHandler to be applied when request URI equals :report-uri, required.
:report-uri – a string with request :uri to match for.
- Exact value is matched.
- Default value is "/csp-report".

Handles CSP report URI with HttpHandler `:report-handler`. Used by
[[csp-handler]] when `:report-handler` option is defined.

Configuration map keys:

- `:report-handler` – the HttpHandler to be applied when request URI equals
  `:report-uri`, required.

- `:report-uri` – a string with request `:uri` to match for.
    + Exact value is matched.
    + Default value is "/csp-report".

source raw docstring

cljdoc builds & hosts documentation for Clojure/Script libraries

Keyboard shortcuts

`Ctrl`+`k`	Jump to recent docs
`←`	Move to previous article
`→`	Move to next article
`Ctrl`+`/`	Jump to the search field

Raise an issue Browse cljdoc source Chat on Slack

× close