Documentation

Overview
Package csp provides a safehttp.Interceptor which applies Content Security Policies (CSP) to responses.

These default policies are provided:
- A strict, nonce-based CSP
- A framing policy which sets frame-ancestors to 'self'
- A Trusted Types policy which makes usage of dangerous web API functions (DOM XSS sinks such as innerHTML and eval) secure by default
Constants

This section is empty.

Variables

This section is empty.

Functions

Types

type FramingPolicy

type FramingPolicy struct {
	// ReportURI controls the report-uri directive. If ReportURI is empty, no report-uri
	// directive will be set.
	ReportURI string
}

FramingPolicy can be used to create a new CSP policy with frame-ancestors set to 'self', which defends against clickjacking by refusing to be framed by any other origin.

To specify a list of allowed framing hostnames, use an interceptor configuration.
func (FramingPolicy) Match

func (FramingPolicy) Match(cfg safehttp.InterceptorConfig) bool

Match reports whether cfg is an override configuration for the framing policy.

func (FramingPolicy) Overridden

func (FramingPolicy) Overridden(cfg safehttp.InterceptorConfig) (disabled, reportOnly bool)

Overridden reports whether cfg disables the policy entirely or only downgrades it to report-only mode.

func (FramingPolicy) Serialize

func (f FramingPolicy) Serialize(nonce string, cfg safehttp.InterceptorConfig) string

Serialize serializes this policy for use in a Content-Security-Policy header or in a Content-Security-Policy-Report-Only header. A nonce will be provided to Serialize which can be used in 'nonce-{random-nonce}' values in directives.
type Interceptor

type Interceptor struct {
	// Policy is the policy the interceptor should enforce.
	Policy Policy
	// ReportOnly makes Policy be set report-only.
	ReportOnly bool
}

Interceptor intercepts requests and applies CSP policies. Multiple interceptors can be installed at the same time, one per policy; a browser enforces every policy it receives, so the effective policy is the intersection of all of them.

func Default

func Default(reportURI string) []Interceptor

Default creates new CSP interceptors with a strict nonce-based policy and a TrustedTypes policy, all in enforcement mode. reportURI is passed through to each policy's report-uri directive; an empty string disables reporting. Framing policies are installed by the framing interceptor.

func (Interceptor) Before

func (it Interceptor) Before(w safehttp.ResponseWriter, r *safehttp.IncomingRequest, cfg safehttp.InterceptorConfig) safehttp.Result

Before claims and sets the Content-Security-Policy header and the Content-Security-Policy-Report-Only header, so that a handler cannot later overwrite them.

func (Interceptor) Commit

func (it Interceptor) Commit(w safehttp.ResponseHeadersWriter, r *safehttp.IncomingRequest, resp safehttp.Response, cfg safehttp.InterceptorConfig)

Commit adds the nonce to the safehttp.TemplateResponse, where it is injected as the value of the nonce attribute in <script> and <link> tags. The nonce is unique for each safehttp.IncomingRequest.

func (Interceptor) Match

func (it Interceptor) Match(cfg safehttp.InterceptorConfig) bool

Match reports whether cfg is an override configuration recognised by the interceptor's Policy (see Policy.Match); the interceptor has no configurations of its own.
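The Before/Commit split above can be reproduced with nothing but the standard library. The following is an added example written for this page, not code from the csp package or from go-safeweb: a net/http middleware plays the part of Before (mint a nonce, set exactly one of the two CSP headers before the handler writes anything, hand the nonce down on the request context), and an html/template render step plays the part of Commit. The template function name CSPNonce, the helper names and the 18-byte nonce size are assumptions; go-safeweb's TemplateResponse and the per-handler override configurations are not modelled.

```go
package main

import (
	"context"
	"crypto/rand"
	"encoding/base64"
	"html/template"
	"net/http"
	"net/http/httptest"
	"strings"
)

// strictPolicy is a hypothetical stand-in for Policy.Serialize: nonce in,
// header value out.
func strictPolicy(nonce string) string {
	return "object-src 'none'; script-src 'nonce-" + nonce + "' 'strict-dynamic'; base-uri 'none'"
}

type nonceKey struct{}

// NewNonce returns 18 random bytes (144 bits) in the URL-safe base64 alphabet.
// CSP accepts base64url nonces, and the alphabet avoids '+', which html/template
// would emit as &#43; in an attribute (a browser decodes that correctly, but it
// makes the markup differ byte-for-byte from the header).
func NewNonce() (string, error) {
	b := make([]byte, 18)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// NonceFromPolicy extracts the first 'nonce-...' source expression from a
// serialized policy, or "" if there is none.
func NonceFromPolicy(policy string) string {
	const tag = "'nonce-"
	i := strings.Index(policy, tag)
	if i < 0 {
		return ""
	}
	rest := policy[i+len(tag):]
	if j := strings.IndexByte(rest, '\''); j >= 0 {
		return rest[:j]
	}
	return ""
}

// WithCSP plays the role of Before: mint the nonce, set exactly one of the two
// CSP headers before the handler writes anything, and pass the nonce down on
// the request context.
func WithCSP(reportOnly bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		nonce, err := NewNonce()
		if err != nil {
			// Fail closed: no nonce means no response, not a response without a policy.
			http.Error(w, "nonce generation failed", http.StatusInternalServerError)
			return
		}
		name := "Content-Security-Policy"
		if reportOnly {
			name = "Content-Security-Policy-Report-Only"
		}
		w.Header().Set(name, strictPolicy(nonce))
		next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), nonceKey{}, nonce)))
	})
}

// page calls a CSPNonce template function (hypothetical name). The placeholder
// lets the template parse; the real value is bound per request in render.
var page = template.Must(template.New("page").
	Funcs(template.FuncMap{"CSPNonce": func() string { return "" }}).
	Parse(`<script nonce="{{CSPNonce}}">console.log("hi")</script>` + "\n"))

// render plays the role of Commit: bind this request's nonce to CSPNonce so the
// template emits it on the script tag. The base template is cloned per request
// so concurrent requests never share a nonce; the base itself never executes.
func render(w http.ResponseWriter, r *http.Request) {
	nonce, _ := r.Context().Value(nonceKey{}).(string)
	t, err := page.Clone()
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	t.Funcs(template.FuncMap{"CSPNonce": func() string { return nonce }})
	w.Header().Set("Content-Type", "text/html; charset=utf-8")
	_ = t.Execute(w, nil)
}

// Handler wires the two halves together; reportOnly selects the header name.
func Handler(reportOnly bool) http.Handler {
	return WithCSP(reportOnly, http.HandlerFunc(render))
}

// Probe issues one in-process request and returns the response headers and body.
func Probe(reportOnly bool) (http.Header, string) {
	rec := httptest.NewRecorder()
	Handler(reportOnly).ServeHTTP(rec, httptest.NewRequest("GET", "/", nil))
	return rec.Header(), rec.Body.String()
}
```

Two properties are worth checking when adapting this: the header is written before the handler produces any body, so a handler cannot forget it, and the nonce is fresh per response (call Probe twice and compare). Cloning the parsed template per request is what keeps the nonce request-scoped; binding CSPNonce on a shared template would race between concurrent requests, and html/template refuses to Clone a template once it has executed, so the base template must never be executed directly.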
type Policy

type Policy interface {
	// Serialize serializes this policy for use in a Content-Security-Policy header
	// or in a Content-Security-Policy-Report-Only header. A nonce will be provided
	// to Serialize which can be used in 'nonce-{random-nonce}' values in directives.
	// If a config has matched the interceptor, it will also be passed.
	Serialize(nonce string, cfg safehttp.InterceptorConfig) string
	// Match reports whether a configuration is specific to this policy.
	Match(cfg safehttp.InterceptorConfig) bool
	// Overridden is used to check if a configuration is overriding the policy.
	Overridden(cfg safehttp.InterceptorConfig) (disabled, reportOnly bool)
}

Policy defines a CSP policy.
type StrictPolicy

type StrictPolicy struct {
	// NoStrictDynamic controls whether script-src should contain the 'strict-dynamic'
	// value.
	//
	// See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src#strict-dynamic
	// for more info.
	NoStrictDynamic bool
	// UnsafeEval controls whether script-src should contain the 'unsafe-eval' value.
	// If enabled, the eval() JavaScript function is allowed.
	UnsafeEval bool
	// BaseURI controls the base-uri directive. If BaseURI is an empty string the
	// directive will be set to 'none'. The base-uri directive restricts the URLs
	// which can be used in a document's <base> element.
	//
	// See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/base-uri
	// for more info.
	BaseURI string
	// ReportURI controls the report-uri directive. If ReportURI is empty, no report-uri
	// directive will be set.
	ReportURI string
	// Hashes adds a set of hashes to script-src. An example of a hash would be:
	// sha256-CihokcEcBW4atb/CW/XWsvWwbTjqwQlE9nj9ii5ww5M=
	// which is the SHA256 hash for the script "console.log(1)".
	//
	// For more info, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src
	Hashes []string
}

StrictPolicy can be used to build a strict, nonce-based CSP. Such a policy trusts scripts by nonce (or by hash) rather than by host allowlist, which removes the allowlist bypasses (JSONP endpoints, older frameworks served from an allowlisted CDN) that make most host-based policies ineffective.

See https://csp.withgoogle.com/docs/strict-csp.html for more info.

func (StrictPolicy) Match

func (StrictPolicy) Match(cfg safehttp.InterceptorConfig) bool

Match reports whether cfg is an override configuration for the strict policy.

func (StrictPolicy) Overridden

func (StrictPolicy) Overridden(cfg safehttp.InterceptorConfig) (disabled, reportOnly bool)

Overridden reports whether cfg disables the policy entirely or only downgrades it to report-only mode.

func (StrictPolicy) Serialize

func (s StrictPolicy) Serialize(nonce string, _ safehttp.InterceptorConfig) string

Serialize serializes this policy for use in a Content-Security-Policy header or in a Content-Security-Policy-Report-Only header. A nonce will be provided to Serialize which can be used in 'nonce-{random-nonce}' values in directives.
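To make the field semantics concrete, here is an added example written for this page (not the csp package's own Serialize) that builds a strict policy from the fields documented above and computes the sha256 source expression the Hashes field expects. The directive order and the 'unsafe-inline' and "https: http:" fallbacks follow the Strict CSP recipe linked above; treat the output as an illustration of the shape, not as the package's byte-exact header.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// StrictPolicy mirrors the fields documented above. This is an illustrative
// re-implementation written for this page, not the csp package's own code.
type StrictPolicy struct {
	NoStrictDynamic bool
	UnsafeEval      bool
	BaseURI         string
	ReportURI       string
	Hashes          []string
}

// Serialize renders the policy in the Strict CSP shape: object-src 'none',
// script-src gated on a per-response nonce, base-uri locked down. Host
// allowlists are absent on purpose; trust flows from the nonce.
func (s StrictPolicy) Serialize(nonce string) string {
	var b strings.Builder
	// 'unsafe-inline' is a fallback for browsers without nonce support only;
	// a browser that understands nonces ignores it once a nonce is present.
	b.WriteString("object-src 'none'; script-src 'unsafe-inline' 'nonce-")
	b.WriteString(nonce)
	b.WriteString("'")
	if !s.NoStrictDynamic {
		// 'strict-dynamic' propagates trust from nonced scripts to the scripts
		// they load; "https: http:" keeps CSP2 browsers (which ignore
		// 'strict-dynamic') working and is itself ignored by CSP3 browsers.
		b.WriteString(" 'strict-dynamic' https: http:")
	}
	if s.UnsafeEval {
		b.WriteString(" 'unsafe-eval'")
	}
	for _, h := range s.Hashes {
		b.WriteString(" '" + h + "'")
	}
	b.WriteString("; base-uri ")
	if s.BaseURI == "" {
		b.WriteString("'none'")
	} else {
		b.WriteString(s.BaseURI)
	}
	if s.ReportURI != "" {
		b.WriteString("; report-uri " + s.ReportURI)
	}
	return b.String()
}

// ScriptHash returns the 'sha256-<base64>' source expression for an inline
// script body, the form the Hashes field expects. The hash covers the exact
// bytes between <script> and </script>, whitespace included.
func ScriptHash(script string) string {
	sum := sha256.Sum256([]byte(script))
	return "sha256-" + base64.StdEncoding.EncodeToString(sum[:])
}

func main() {
	fmt.Println(StrictPolicy{ReportURI: "/csp-report"}.Serialize("r4nd0m"))
	fmt.Println(ScriptHash("console.log(1)"))
}
```

Running main prints the hash for "console.log(1)", which lets you check the value quoted in the Hashes comment above against your own build; note that any change to the script body, including whitespace, changes the hash and silently blocks the script.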
type TrustedTypesPolicy

type TrustedTypesPolicy struct {
	// ReportURI controls the report-uri directive. If ReportURI is empty, no report-uri
	// directive will be set.
	ReportURI string
}

TrustedTypesPolicy can be used to create a new CSP which makes dangerous web API functions secure by default: DOM XSS sinks such as innerHTML, eval and document.write accept only values produced by a Trusted Types policy, not plain strings.

See https://web.dev/trusted-types for more info.

func (TrustedTypesPolicy) Match

func (TrustedTypesPolicy) Match(cfg safehttp.InterceptorConfig) bool

Match reports whether cfg is an override configuration for the Trusted Types policy.

func (TrustedTypesPolicy) Overridden

func (TrustedTypesPolicy) Overridden(cfg safehttp.InterceptorConfig) (disabled, reportOnly bool)

Overridden reports whether cfg disables the policy entirely or only downgrades it to report-only mode.

func (TrustedTypesPolicy) Serialize

func (t TrustedTypesPolicy) Serialize(nonce string, _ safehttp.InterceptorConfig) string

Serialize serializes this policy for use in a Content-Security-Policy header or in a Content-Security-Policy-Report-Only header. A nonce will be provided to Serialize which can be used in 'nonce-{random-nonce}' values in directives.
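The three policies share one contract (Serialize, Match, Overridden), and the unsafe* subpackages listed at the end of this page exist to register per-handler overrides against it. The following added example, written for this page and not taken from the csp package, re-implements FramingPolicy and TrustedTypesPolicy against that contract with interface{} standing in for safehttp.InterceptorConfig, and shows how an interceptor would turn the (disabled, reportOnly) result into a header decision. The configuration types DisableFraming, DisableTrustedTypes and AllowFrameAncestors are hypothetical stand-ins for the kind of configuration the unsafe* subpackages register.

```go
package main

import (
	"fmt"
	"strings"
)

// Policy is the contract documented above, with interface{} in place of
// safehttp.InterceptorConfig. Everything below is illustrative, not the csp package's code.
type Policy interface {
	Serialize(nonce string, cfg interface{}) string
	Match(cfg interface{}) bool
	Overridden(cfg interface{}) (disabled, reportOnly bool)
}

// Hypothetical per-handler configurations. Each policy recognises only its
// own, so disabling framing for a handler leaves Trusted Types enforced.
type DisableFraming struct{ ReportOnly bool }
type DisableTrustedTypes struct{ ReportOnly bool }
type AllowFrameAncestors []string

// report renders the report-uri directive; an empty URI means no directive.
func report(uri string) string {
	if uri == "" {
		return ""
	}
	return "; report-uri " + uri
}

type FramingPolicy struct{ ReportURI string }

// Serialize always keeps 'self'; a matched AllowFrameAncestors config can only
// widen the list. cfg is nil unless Match accepted it.
func (f FramingPolicy) Serialize(nonce string, cfg interface{}) string {
	sources := []string{"'self'"}
	if extra, ok := cfg.(AllowFrameAncestors); ok {
		sources = append(sources, extra...)
	}
	return "frame-ancestors " + strings.Join(sources, " ") + report(f.ReportURI)
}

func (FramingPolicy) Match(cfg interface{}) bool {
	switch cfg.(type) {
	case DisableFraming, AllowFrameAncestors:
		return true
	}
	return false
}

// Overridden: only a disable config changes enforcement; widening the
// ancestor list keeps the header enforced.
func (FramingPolicy) Overridden(cfg interface{}) (disabled, reportOnly bool) {
	if d, ok := cfg.(DisableFraming); ok {
		return !d.ReportOnly, d.ReportOnly
	}
	return false, false
}

type TrustedTypesPolicy struct{ ReportURI string }

// Serialize emits require-trusted-types-for 'script', which makes sinks such
// as innerHTML and eval reject plain strings until a Trusted Types policy
// produces a typed value.
func (t TrustedTypesPolicy) Serialize(nonce string, cfg interface{}) string {
	return "require-trusted-types-for 'script'" + report(t.ReportURI)
}

func (TrustedTypesPolicy) Match(cfg interface{}) bool {
	_, ok := cfg.(DisableTrustedTypes)
	return ok
}

func (TrustedTypesPolicy) Overridden(cfg interface{}) (disabled, reportOnly bool) {
	if d, ok := cfg.(DisableTrustedTypes); ok {
		return !d.ReportOnly, d.ReportOnly
	}
	return false, false
}

// HeaderFor applies the contract the way an interceptor would: an unmatched
// config never reaches Serialize; a matched one can suppress the header or
// downgrade it to report-only. ("", "") means set nothing.
func HeaderFor(p Policy, nonce string, cfg interface{}) (name, value string) {
	if !p.Match(cfg) {
		cfg = nil
	}
	disabled, reportOnly := p.Overridden(cfg)
	if disabled {
		return "", ""
	}
	name = "Content-Security-Policy"
	if reportOnly {
		name = "Content-Security-Policy-Report-Only"
	}
	return name, p.Serialize(nonce, cfg)
}

func main() {
	for _, cfg := range []interface{}{nil, AllowFrameAncestors{"https://partner.example"}, DisableFraming{ReportOnly: true}} {
		fmt.Println(HeaderFor(FramingPolicy{ReportURI: "/csp-report"}, "n0nce", cfg))
	}
}
```

The point to preserve when writing an override is scoping: Match decides which configurations a policy even looks at, so a framing override passed to the Trusted Types policy is ignored rather than misread as a disable, and a policy that is disabled sets no header at all instead of an empty one.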
Directories

Path | Synopsis
---|---
internalunsafecsp | Package internalunsafecsp is used internally to override CSP.
unsafecspfortests | Package unsafecspfortests can be used to disable CSP on specific handler registration in tests.
unsafestrictcsp | Package unsafestrictcsp can be used to disable Strict CSP protections on specific handler registration.
unsafetrustedtypes | Package unsafetrustedtypes can be used to disable Trusted Types protections on specific handler registration.