The HttpHandler to add CSP header in response.
The HttpHandler to add [CSP] header in response. [CSP]: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
(csp-handler next-handler
{:keys [policy report-only random-nonce-fn report-handler]})
Adds CSP header in ring response. If header uses nonce then nonce value
is being attached to exchange and accessible using get-request-nonce
.
Configuration map keys:
:policy
– a map of directive names (string, keyword) and directive values
(string, keyword, collection of strings and keywords)
:nonce
keyword in directive values represents nonce placeholder:report-only
– optional boolean flag if report-only CSP header name should
be used.
:random-nonce-fn
– optional 0-arity function to generate nonce for every
request.
::report-handler
– a HttpHandler to handle report-uri
directive.
next-handler
is wrapped with report-uri-handler
.report-uri
directive then it is added with
default value "/csp-report".Adds [CSP] header in ring response. If header uses nonce then nonce value is being attached to exchange and accessible using [[get-request-nonce]]. [CSP]: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP Configuration map keys: - `:policy` – a map of directive names (string, keyword) and directive values (string, keyword, collection of strings and keywords) + The `:nonce` keyword in directive values represents nonce placeholder - `:report-only` – optional boolean flag if report-only CSP header name should be used. - `:random-nonce-fn` – optional 0-arity function to generate nonce for every request. - `::report-handler` – a HttpHandler to handle `report-uri` directive. + When presented then `next-handler` is wrapped with [[report-uri-handler]]. + If policy map does not have `report-uri` directive then it is added with default value "/csp-report".
(get-request-nonce exchange)
Returns CSP nonce attached by the csp-handler
.
Returns CSP nonce attached by the [[csp-handler]].
The AttachmentKey
for generated unique CSP nonce in exchange.
The `AttachmentKey` for generated unique CSP nonce in exchange.
Default value of the CSP report URI.
Default value of the CSP report URI.
(report-uri-handler next-handler {:keys [report-uri report-handler]})
Handles CSP report URI with HttpHandler :report-handler
. Used by
csp-handler
when :report-handler
option is defined.
Configuration map keys:
:report-handler
– the HttpHandler to be applied when request URI equals
:report-uri
, required.
:report-uri
– a string with request :uri
to match for.
Handles CSP report URI with HttpHandler `:report-handler`. Used by [[csp-handler]] when `:report-handler` option is defined. Configuration map keys: - `:report-handler` – the HttpHandler to be applied when request URI equals `:report-uri`, required. - `:report-uri` – a string with request `:uri` to match for. + Exact value is matched. + Default value is "/csp-report".
cljdoc is a website building & hosting documentation for Clojure/Script libraries
× close