csp

package
v0.0.0-...-ec7f410 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 16, 2014 License: MIT Imports: 1 Imported by: 1

Documentation

Overview

package csp implements a content-security-policy header generator

Index

Examples

Constants

View Source 
const (
	// Allows content to be loaded from the current domain
	SourceSelf = "'self'"
	// Prevents any content of the specified type loading
	SourceNone = "'none'"
	// Disables the main protection offered by CSP
	SourceUnsafeInline = "'unsafe-inline'"
)

See CSP standard at http://www.w3.org/TR/CSP/

Variables

This section is empty.

Functions

This section is empty.

Types

type Opts 

type Opts struct {
	ReportUri string // A relative path to POST CSP violations to

	// Sources to allow content loading from.
	DefaultSrc []string
	ScriptSrc  []string
	ConnectSrc []string
	FrameSrc   []string
	FontSrc    []string
	ImgSrc     []string
	MediaSrc   []string
	ObjectSrc  []string
	StyleSrc   []string
}

Opts configures a Content-Security-Policy header

Example 
h := Opts{
	DefaultSrc: []string{SourceNone},
	ImgSrc:     []string{SourceSelf, "https://example.org"},
	StyleSrc:   []string{SourceSelf},
	ScriptSrc:  []string{SourceSelf, SourceUnsafeInline},
	ReportUri:  "/csp_report",
}
fmt.Println(h.Header())

Output:

default-src 'none' ; img-src 'self' https://example.org ; style-src 'self' ; script-src 'self' 'unsafe-inline' ; report-uri /csp_report

func (Opts) Header 

func (o Opts) Header() string

Formats for rendering as an http header. E.G. default-src 'self' ; script-src 'self' https://apis.google.com

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.