Liking cljdoc? Tell your friends :D

strojure.undertow.handler.csp

The HttpHandler to add CSP header in response.

The HttpHandler to add [CSP] header in response.

[CSP]: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
raw docstring

csp-handlerclj

(csp-handler next-handler
             {:keys [policy report-only random-nonce-fn report-handler]})

Adds CSP header in ring response. If header uses nonce then nonce value is being attached to exchange and accessible using get-request-nonce.

Configuration map keys:

  • :policy – a map of directive names (string, keyword) and directive values (string, keyword, collection of strings and keywords)

    • The :nonce keyword in directive values represents nonce placeholder
  • :report-only – optional boolean flag if report-only CSP header name should be used.

  • :random-nonce-fn – optional 0-arity function to generate nonce for every request.

  • ::report-handler – a HttpHandler to handle report-uri directive.

    • When presented then next-handler is wrapped with report-uri-handler.
    • If policy map does not have report-uri directive then it is added with default value "/csp-report".
Adds [CSP] header in ring response. If header uses nonce then nonce value
is being attached to exchange and accessible using [[get-request-nonce]].

[CSP]: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

Configuration map keys:

- `:policy` – a map of directive names (string, keyword) and directive values
              (string, keyword, collection of strings and keywords)
    + The `:nonce` keyword in directive values represents nonce placeholder

- `:report-only` – optional boolean flag if report-only CSP header name should
                   be used.

- `:random-nonce-fn` – optional 0-arity function to generate nonce for every
                       request.

- `::report-handler` – a HttpHandler to handle `report-uri` directive.
    + When presented then `next-handler` is wrapped with [[report-uri-handler]].
    + If policy map does not have `report-uri` directive then it is added with
      default value "/csp-report".
sourceraw docstring

get-request-nonceclj

(get-request-nonce exchange)

Returns CSP nonce attached by the csp-handler.

Returns CSP nonce attached by the [[csp-handler]].
sourceraw docstring

nonce-attachment-keyclj

The AttachmentKey for generated unique CSP nonce in exchange.

The `AttachmentKey` for generated unique CSP nonce in exchange.
sourceraw docstring

report-uri-defaultclj

Default value of the CSP report URI.

Default value of the CSP report URI.
sourceraw docstring

report-uri-handlerclj

(report-uri-handler next-handler {:keys [report-uri report-handler]})

Handles CSP report URI with HttpHandler :report-handler. Used by csp-handler when :report-handler option is defined.

Configuration map keys:

  • :report-handler – the HttpHandler to be applied when request URI equals :report-uri, required.

  • :report-uri – a string with request :uri to match for.

    • Exact value is matched.
    • Default value is "/csp-report".
Handles CSP report URI with HttpHandler `:report-handler`. Used by
[[csp-handler]] when `:report-handler` option is defined.

Configuration map keys:

- `:report-handler` – the HttpHandler to be applied when request URI equals
  `:report-uri`, required.

- `:report-uri` – a string with request `:uri` to match for.
    + Exact value is matched.
    + Default value is "/csp-report".
sourceraw docstring

cljdoc is a website building & hosting documentation for Clojure/Script libraries

× close