macchiato.middleware.x-headers
content-type-options-responsecljs
(content-type-options-response response content-type-options)Add the X-Content-Type-Options header to the response. See: wrap-content-type-options.
Add the X-Content-Type-Options header to the response. See: wrap-content-type-options.
frame-options-responsecljs
(frame-options-response response frame-options)Add the X-Frame-Options header to the response. See: wrap-frame-options.
Add the X-Frame-Options header to the response. See: wrap-frame-options.
wrap-content-type-optionscljs
(wrap-content-type-options handler content-type-options)Middleware that adds the X-Content-Type-Options header to the response. This currently only accepts one option: :nosniff - prevent resources with invalid media types being loaded as stylesheets or scripts This prevents attacks based around media type confusion. See: http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx
Middleware that adds the X-Content-Type-Options header to the response. This
currently only accepts one option:
:nosniff - prevent resources with invalid media types being loaded as
stylesheets or scripts
This prevents attacks based around media type confusion. See:
http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspxwrap-frame-optionscljs
(wrap-frame-options handler frame-options)Middleware that adds the X-Frame-Options header to the response. This governs whether your site can be rendered in a <frame>, <iframe> or <object>, and is typically used to prevent clickjacking attacks. The following frame options are allowed: :deny - prevent any framing of the content :sameorigin - allow only the current site to frame the content {:allow-from uri} - allow only the specified URI to frame the page The :deny and :sameorigin options are keywords, while the :allow-from option is a map consisting of one key/value pair. Note that browser support for :allow-from is incomplete. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options
Middleware that adds the X-Frame-Options header to the response. This governs
whether your site can be rendered in a <frame>, <iframe> or <object>, and is
typically used to prevent clickjacking attacks.
The following frame options are allowed:
:deny - prevent any framing of the content
:sameorigin - allow only the current site to frame the content
{:allow-from uri} - allow only the specified URI to frame the page
The :deny and :sameorigin options are keywords, while the :allow-from option
is a map consisting of one key/value pair.
Note that browser support for :allow-from is incomplete. See:
https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Optionswrap-xss-protectioncljs
(wrap-xss-protection handler)(wrap-xss-protection handler {:keys [enable? mode]})Middleware that adds the X-XSS-Protection header to the response. This header enables a heuristic filter in browsers for detecting cross-site scripting attacks. Usually on by default. The :enable? key determines whether the filter should be turned on. :mode - currently accepts only :block See: http://msdn.microsoft.com/en-us/library/dd565647(v=vs.85).aspx
Middleware that adds the X-XSS-Protection header to the response. This header enables a heuristic filter in browsers for detecting cross-site scripting attacks. Usually on by default. The :enable? key determines whether the filter should be turned on. :mode - currently accepts only :block See: http://msdn.microsoft.com/en-us/library/dd565647(v=vs.85).aspx
xss-protection-responsecljs
(xss-protection-response response enable?)(xss-protection-response response enable? options)Add the X-XSS-Protection header to the response. See: wrap-xss-protection.
Add the X-XSS-Protection header to the response. See: wrap-xss-protection.
cljdoc is a website building & hosting documentation for Clojure/Script libraries
× close