pub struct ContentSecurityPolicy { /* private fields */ }Expand description
Content-Security-Policy configuration.
§Examples
use http_security_headers::ContentSecurityPolicy;
let csp = ContentSecurityPolicy::new()
.default_src(vec!["'self'"])
.script_src(vec!["'self'", "'unsafe-inline'"])
.style_src(vec!["'self'", "https://fonts.googleapis.com"])
.img_src(vec!["'self'", "data:", "https:"]);Implementations§
Source§impl ContentSecurityPolicy
impl ContentSecurityPolicy
Sourcepub fn default_src<I, S>(self, sources: I) -> Self
pub fn default_src<I, S>(self, sources: I) -> Self
Sets the default-src directive.
This serves as a fallback for other fetch directives.
Sourcepub fn script_src<I, S>(self, sources: I) -> Self
pub fn script_src<I, S>(self, sources: I) -> Self
Sets the script-src directive.
Specifies valid sources for JavaScript.
Sourcepub fn style_src<I, S>(self, sources: I) -> Self
pub fn style_src<I, S>(self, sources: I) -> Self
Sets the style-src directive.
Specifies valid sources for stylesheets.
Sourcepub fn img_src<I, S>(self, sources: I) -> Self
pub fn img_src<I, S>(self, sources: I) -> Self
Sets the img-src directive.
Specifies valid sources for images.
Sourcepub fn font_src<I, S>(self, sources: I) -> Self
pub fn font_src<I, S>(self, sources: I) -> Self
Sets the font-src directive.
Specifies valid sources for fonts.
Sourcepub fn connect_src<I, S>(self, sources: I) -> Self
pub fn connect_src<I, S>(self, sources: I) -> Self
Sets the connect-src directive.
Restricts URLs that can be loaded using script interfaces (fetch, XHR, WebSocket, etc.).
Sourcepub fn object_src<I, S>(self, sources: I) -> Self
pub fn object_src<I, S>(self, sources: I) -> Self
Sets the object-src directive.
Specifies valid sources for <object>, <embed>, and <applet> elements.
Sourcepub fn frame_src<I, S>(self, sources: I) -> Self
pub fn frame_src<I, S>(self, sources: I) -> Self
Sets the frame-src directive.
Specifies valid sources for nested browsing contexts loaded using <frame> and <iframe>.
Sourcepub fn base_uri<I, S>(self, sources: I) -> Self
pub fn base_uri<I, S>(self, sources: I) -> Self
Sets the base-uri directive.
Restricts the URLs that can be used in a document’s <base> element.
Sourcepub fn form_action<I, S>(self, sources: I) -> Self
pub fn form_action<I, S>(self, sources: I) -> Self
Sets the form-action directive.
Restricts the URLs which can be used as the target of form submissions.
Sourcepub fn frame_ancestors<I, S>(self, sources: I) -> Self
pub fn frame_ancestors<I, S>(self, sources: I) -> Self
Sets the frame-ancestors directive.
Specifies valid parents that may embed a page using <frame>, <iframe>, etc.
Sourcepub fn upgrade_insecure_requests(self) -> Self
pub fn upgrade_insecure_requests(self) -> Self
Sets the upgrade-insecure-requests directive (valueless).
Instructs browsers to upgrade all insecure requests to HTTPS.
Sourcepub fn block_all_mixed_content(self) -> Self
pub fn block_all_mixed_content(self) -> Self
Sets the block-all-mixed-content directive (valueless).
Prevents loading any mixed content (HTTP resources on HTTPS pages).
Sourcepub fn directive<I, S>(self, name: &str, sources: I) -> Self
pub fn directive<I, S>(self, name: &str, sources: I) -> Self
Sets a custom directive.
This allows setting directives not covered by the convenience methods.
Sourcepub fn to_header_value(&self) -> Result<String>
pub fn to_header_value(&self) -> Result<String>
Converts the policy to its header value string.
Trait Implementations§
Source§impl Clone for ContentSecurityPolicy
impl Clone for ContentSecurityPolicy
Source§fn clone(&self) -> ContentSecurityPolicy
fn clone(&self) -> ContentSecurityPolicy
1.0.0 (const: unstable) · Source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source. Read moreSource§impl Debug for ContentSecurityPolicy
impl Debug for ContentSecurityPolicy
Source§impl Default for ContentSecurityPolicy
impl Default for ContentSecurityPolicy
Source§impl Display for ContentSecurityPolicy
impl Display for ContentSecurityPolicy
impl Eq for ContentSecurityPolicy
Source§impl PartialEq for ContentSecurityPolicy
impl PartialEq for ContentSecurityPolicy
Source§fn eq(&self, other: &ContentSecurityPolicy) -> bool
fn eq(&self, other: &ContentSecurityPolicy) -> bool
self and other values to be equal, and is used by ==.