ContentSecurityPolicy

http_security_headers::policy::csp

Struct ContentSecurityPolicy 

Source 
pub struct ContentSecurityPolicy { /* private fields */ }
Expand description

Content-Security-Policy configuration.

§Examples

use http_security_headers::ContentSecurityPolicy;

let csp = ContentSecurityPolicy::new()
    .default_src(vec!["'self'"])
    .script_src(vec!["'self'", "'unsafe-inline'"])
    .style_src(vec!["'self'", "https://fonts.googleapis.com"])
    .img_src(vec!["'self'", "data:", "https:"]);

Implementations§

Source§

impl ContentSecurityPolicy

Source

pub fn new() -> Self

Creates a new empty CSP policy.

Source

pub fn default_src<I, S>(self, sources: I) -> Self
where I: IntoIterator<Item = S>, S: Into<String>,

Sets the default-src directive.

This serves as a fallback for other fetch directives.

Source

pub fn script_src<I, S>(self, sources: I) -> Self
where I: IntoIterator<Item = S>, S: Into<String>,

Sets the script-src directive.

Specifies valid sources for JavaScript.

Source

pub fn style_src<I, S>(self, sources: I) -> Self
where I: IntoIterator<Item = S>, S: Into<String>,

Sets the style-src directive.

Specifies valid sources for stylesheets.

Source

pub fn img_src<I, S>(self, sources: I) -> Self
where I: IntoIterator<Item = S>, S: Into<String>,

Sets the img-src directive.

Specifies valid sources for images.

Source

pub fn font_src<I, S>(self, sources: I) -> Self
where I: IntoIterator<Item = S>, S: Into<String>,

Sets the font-src directive.

Specifies valid sources for fonts.

Source

pub fn connect_src<I, S>(self, sources: I) -> Self
where I: IntoIterator<Item = S>, S: Into<String>,

Sets the connect-src directive.

Restricts URLs that can be loaded using script interfaces (fetch, XHR, WebSocket, etc.).

Source

pub fn object_src<I, S>(self, sources: I) -> Self
where I: IntoIterator<Item = S>, S: Into<String>,

Sets the object-src directive.

Specifies valid sources for <object>, <embed>, and <applet> elements.

Source

pub fn frame_src<I, S>(self, sources: I) -> Self
where I: IntoIterator<Item = S>, S: Into<String>,

Sets the frame-src directive.

Specifies valid sources for nested browsing contexts loaded using <frame> and <iframe>.

Source

pub fn base_uri<I, S>(self, sources: I) -> Self
where I: IntoIterator<Item = S>, S: Into<String>,

Sets the base-uri directive.

Restricts the URLs that can be used in a document’s <base> element.

Source

pub fn form_action<I, S>(self, sources: I) -> Self
where I: IntoIterator<Item = S>, S: Into<String>,

Sets the form-action directive.

Restricts the URLs which can be used as the target of form submissions.

Source

pub fn frame_ancestors<I, S>(self, sources: I) -> Self
where I: IntoIterator<Item = S>, S: Into<String>,

Sets the frame-ancestors directive.

Specifies valid parents that may embed a page using <frame>, <iframe>, etc.

Source

pub fn upgrade_insecure_requests(self) -> Self

Sets the upgrade-insecure-requests directive (valueless).

Instructs browsers to upgrade all insecure requests to HTTPS.

Source

pub fn block_all_mixed_content(self) -> Self

Sets the block-all-mixed-content directive (valueless).

Prevents loading any mixed content (HTTP resources on HTTPS pages).

Source

pub fn directive<I, S>(self, name: &str, sources: I) -> Self
where I: IntoIterator<Item = S>, S: Into<String>,

Sets a custom directive.

This allows setting directives not covered by the convenience methods.

Source

pub fn to_header_value(&self) -> Result<String>

Converts the policy to its header value string.

Source

pub fn parse(value: &str) -> Result<Self>

Parses a CSP policy from a header value string.

§Examples
use http_security_headers::ContentSecurityPolicy;

let csp = ContentSecurityPolicy::parse("default-src 'self'; script-src 'unsafe-inline'").unwrap();

Trait Implementations§

Source§

impl Clone for ContentSecurityPolicy

Source§

fn clone(&self) -> ContentSecurityPolicy

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for ContentSecurityPolicy

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Default for ContentSecurityPolicy

Source§

fn default() -> Self

Returns the “default value” for a type. Read more
Source§

impl Display for ContentSecurityPolicy

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl PartialEq for ContentSecurityPolicy

Source§

fn eq(&self, other: &ContentSecurityPolicy) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl Eq for ContentSecurityPolicy

Source§

impl StructuralPartialEq for ContentSecurityPolicy

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T> ToString for T
where T: Display + ?Sized,

Source§

fn to_string(&self) -> String

Converts the given value to a String. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.