Secure header settings applied in interceptors
(content-security-policy-header)
(content-security-policy-header options)
Create a custom value for the Content-Security-Policy header. The no-arg version returns a semi-'Strict' or script-focused policy: object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; To lock your resources to only those served by your domain (subdomains not included), consider: object-src 'none'; default-src 'self'
(content-type-header)
(content-type-header value)
Create a custom value for content-type options. The no-arg version returns the most secure setting: nosniff
(create-headers)
(create-headers hsts-settings
frame-options-settings
content-type-settings
xss-protection-settings
download-options-settings
cross-domain-policies-settings
content-security-policy-settings)
(cross-domain-policies-header)
(cross-domain-policies-header value)
Create a custom value for the X-Permitted-Cross-Domain-Policies header. The no-arg version returns the most secure setting: none.
(csp-map->str options)
(download-options-header)
(download-options-header value)
Create a custom value for the X-Download-Options header. The no-arg version returns the most secure setting: noopen. Passing a nil value will return nil, and the header won't be added.
(frame-options-header)
(frame-options-header policy)
(frame-options-header allow-from-policy origin)
Create a custom policy value for the Frame-Options header. The no-arg version returns the most secure setting: DENY
(hsts-header)
(hsts-header max-age-secs)
(hsts-header max-age-secs include-subdomains?)
Create a max-age (and optionally include-subdomains) Strict-Transport header. The no-arg version sets the age at 1 year (31536000 seconds) and includes subdomains. You may want to use 1 hour (3600 secs), 1 day (86400 secs), 1 week (604800 secs), or 1 month (2628000 secs)
(secure-headers)
(secure-headers options)
Options are header values, which can be generated by the helper functions here
(xss-protection-header)
(xss-protection-header value)
(xss-protection-header value mode)
Create a custom value (and optionally mode) XSS-Protection header. The no-arg version returns the most secure setting: 1; block.
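How the helpers above combine into one options map for secure-headers, as an added example that is not part of the library's own documentation. It assumes the namespace is io.pedestal.http.secure-headers, that secure-headers reads option keys named after the create-headers arguments, and that content-security-policy-header accepts a map of directive keywords; example.headers, header-settings, hardened and preview-headers are hypothetical names.

```clojure
(ns example.headers ; hypothetical namespace for this example
  (:require [io.pedestal.http.secure-headers :as sec])) ; assumed ns name

;; Header values built with the helpers documented above.
;; Assumption: option keys mirror the create-headers argument names.
(def header-settings
  {;; One day instead of the one-year default, subdomains included,
   ;; so a TLS misconfiguration during rollout expires quickly.
   :hsts-settings (sec/hsts-header 86400 true)
   ;; The same-origin policy suggested in the docstring, instead of the
   ;; script-focused default that still lists https: and http: sources.
   ;; Assumption: a map of directive keyword to value string is accepted
   ;; and rendered through csp-map->str.
   :content-security-policy-settings
   (sec/content-security-policy-header {:object-src  "'none'"
                                        :default-src "'self'"})
   ;; nil means the X-Download-Options header is left out entirely.
   :download-options-settings (sec/download-options-header nil)})

;; Interceptor built from these settings; keys that are not supplied
;; are expected to fall back to the no-arg helper values.
(def hardened (sec/secure-headers header-settings))

;; REPL check of the header map before deploying. create-headers takes
;; the seven values positionally, in the order listed in its signature.
(defn preview-headers []
  (sec/create-headers (:hsts-settings header-settings)
                      (sec/frame-options-header)
                      (sec/content-type-header)
                      (sec/xss-protection-header)
                      (:download-options-settings header-settings)
                      (sec/cross-domain-policies-header)
                      (:content-security-policy-settings header-settings)))
```

Calling (preview-headers) at the REPL shows which headers will be sent and confirms that a nil setting drops its header instead of emitting an empty value.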