Struct http_types::security::ContentSecurityPolicy

pub struct ContentSecurityPolicy { /* fields omitted */ }

Build a Content-Security-Policy header.

Content-Security-Policy (CSP) HTTP headers are used to prevent cross-site injections.

Mozilla Developer Network

Examples

use http_types::{headers, security, Response, StatusCode};

let mut policy = security::ContentSecurityPolicy::new();
policy
    .default_src(security::Source::SameOrigin)
    .default_src("areweasyncyet.rs")
    .script_src(security::Source::SameOrigin)
    .script_src(security::Source::UnsafeInline)
    .object_src(security::Source::None)
    .base_uri(security::Source::None)
    .upgrade_insecure_requests();

let mut res = Response::new(StatusCode::Ok);
res.set_body("Hello, Chashu!");

security::default(&mut res);
policy.apply(&mut res);

assert_eq!(res["content-security-policy"], "base-uri 'none'; default-src 'self' areweasyncyet.rs; object-src 'none'; script-src 'self' 'unsafe-inline'; upgrade-insecure-requests");

Implementations

impl ContentSecurityPolicy

pub fn new() -> Self

Create a new instance.

pub fn base_uri<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy base-uri directive

MDN | base-uri

pub fn block_all_mixed_content(&mut self) -> &mut Self

Defines the Content-Security-Policy block-all-mixed-content directive

MDN | block-all-mixed-content

pub fn connect_src<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy connect-src directive

MDN | connect-src

pub fn default_src<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy default-src directive

MDN | default-src

pub fn font_src<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy font-src directive

MDN | font-src

pub fn form_action<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy form-action directive

MDN | form-action

pub fn frame_ancestors<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy frame-ancestors directive

MDN | frame-ancestors

pub fn frame_src<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy frame-src directive

MDN | frame-src

pub fn img_src<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy img-src directive

MDN | img-src

pub fn media_src<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy media-src directive

MDN | media-src

pub fn object_src<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy object-src directive

MDN | object-src

pub fn plugin_types<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy plugin-types directive

MDN | plugin-types

pub fn require_sri_for<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy require-sri-for directive

MDN | require-sri-for

pub fn report_uri<T: AsRef<str>>(&mut self, uri: T) -> &mut Self

Defines the Content-Security-Policy report-uri directive

MDN | report-uri

pub fn report_to(&mut self, endpoints: Vec<ReportTo>) -> &mut Self

Defines the Content-Security-Policy report-to directive

MDN | report-to

pub fn sandbox<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy sandbox directive

MDN | sandbox

pub fn script_src<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy script-src directive

MDN | script-src

pub fn style_src<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy style-src directive

MDN | style-src

pub fn upgrade_insecure_requests(&mut self) -> &mut Self

Defines the Content-Security-Policy upgrade-insecure-requests directive

MDN | upgrade-insecure-requests

pub fn worker_src<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy worker-src directive

MDN | worker-src

pub fn report_only(&mut self) -> &mut Self

Change the header to Content-Security-Policy-Report-Only

pub fn apply(&mut self, headers: impl AsMut<Headers>)

Sets the Content-Security-Policy (CSP) HTTP header to prevent cross-site injections

Trait Implementations

impl Clone for ContentSecurityPolicy

fn clone(&self) -> ContentSecurityPolicy

Returns a copy of the value.

pub fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for ContentSecurityPolicy

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for ContentSecurityPolicy

fn default() -> Self

Sets the Content-Security-Policy default to “script-src ‘self’; object-src ‘self’”

impl Eq for ContentSecurityPolicy

impl PartialEq<ContentSecurityPolicy> for ContentSecurityPolicy

fn eq(&self, other: &ContentSecurityPolicy) -> bool

This method tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &ContentSecurityPolicy) -> bool

This method tests for !=.

impl StructuralEq for ContentSecurityPolicy

impl StructuralPartialEq for ContentSecurityPolicy