Liking cljdoc? Tell your friends :D

io.pedestal.http.secure-headers

Secure header settings applied in interceptors

Secure header settings applied in interceptors
raw docstring

content-security-policy-headerclj

(content-security-policy-header)
(content-security-policy-header options)

Create a custom value for the Content-Security-Policy header. No arg version returns a semi-'Strict' or script-focused policy: object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; To lock your resources to only those served by your domain (subdomains not included), consider: object-src 'none'; default-src 'self'

Create a custom value for the Content-Security-Policy header.
No arg version returns a semi-'Strict' or script-focused policy:
  object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:;
To lock your resources to only those served by your domain (subdomains not included), consider:
  object-src 'none'; default-src 'self'
raw docstring

content-type-headerclj

(content-type-header)
(content-type-header value)

Create a custom value for content-type options. No arg version returns most secure setting: nosniff

Create a custom value for content-type options.
No arg version returns most secure setting: nosniff
raw docstring

create-headersclj

(create-headers)
(create-headers hsts-settings
                frame-options-settings
                content-type-settings
                xss-protection-settings
                download-options-settings
                cross-domain-policies-settings
                content-security-policy-settings)

cross-domain-policies-headerclj

(cross-domain-policies-header)
(cross-domain-policies-header value)

Create a custom value for the X-Permitted-Cross-Domain-Policies header. No arg version returns the most secure setting: none.

Create a custom value for the X-Permitted-Cross-Domain-Policies header.
No arg version returns the most secure setting: none.
raw docstring

csp-map->strclj

(csp-map->str options)

download-options-headerclj

(download-options-header)
(download-options-header value)

Create a custom value for the X-Download-Options header. No arg version returns the most secure setting: noopen. Passing a nil value will return nil, and the header won't be added.

Create a custom value for the X-Download-Options header.
No arg version returns the most secure setting: noopen.
Passing a nil value will return nil, and the header won't be added.
raw docstring

frame-options-headerclj

(frame-options-header)
(frame-options-header policy)
(frame-options-header allow-from-policy origin)

Create a custom polic value for Frame-Options header. No arg version returns most secure setting: DENY

Create a custom polic value for Frame-Options header.
No arg version returns most secure setting: DENY
raw docstring

header-namesclj


header-names-vecclj


hsts-headerclj

(hsts-header)
(hsts-header max-age-secs)
(hsts-header max-age-secs include-subdomains?)

Create a max-age (and optionally include subdomains) Strict-Transport header No arg version sets age at 1 year (31536000 seconds) and includes subdomains. You may want to use 1 hour (3600 secs), 1 day (86400 secs), 1 week (604800 secs), or 1 month (2628000 secs)

Create a max-age (and optionally include subdomains) Strict-Transport header
No arg version sets age at 1 year (31536000 seconds) and includes subdomains.
You may want to use 1 hour (3600 secs), 1 day (86400 secs), 1 week (604800 secs),
or 1 month (2628000 secs)
raw docstring

secure-headersclj

(secure-headers)
(secure-headers options)

Options are header values, which can be generated by the helper functions here

Options are header values, which can be generated by the helper functions here
raw docstring

xss-protection-headerclj

(xss-protection-header)
(xss-protection-header value)
(xss-protection-header value mode)

Create a custom value (and optionally mode) XSS-Protection header. No arg version returns the most secure setting: 1; block.

Create a custom value (and optionally mode) XSS-Protection header.
No arg version returns the most secure setting: 1; block.
raw docstring

cljdoc is a website building & hosting documentation for Clojure/Script libraries

× close