Skip to main content

ContentSecurityPolicy

Struct ContentSecurityPolicy 

Source
pub struct ContentSecurityPolicy { /* private fields */ }
Expand description

Build a Content-Security-Policy header.

Content-Security-Policy (CSP) HTTP headers are used to prevent cross-site injections. Read more

Mozilla Developer Network

§Examples

use http_types::{headers, security, Response, StatusCode};

let mut policy = security::ContentSecurityPolicy::new();
policy
    .default_src(security::Source::SameOrigin)
    .default_src("areweasyncyet.rs")
    .script_src(security::Source::SameOrigin)
    .script_src(security::Source::UnsafeInline)
    .object_src(security::Source::None)
    .base_uri(security::Source::None)
    .upgrade_insecure_requests();

let mut res = Response::new(StatusCode::Ok);
res.set_body("Hello, Chashu!");

security::default(&mut res);
policy.apply(&mut res);

assert_eq!(res["content-security-policy"], "base-uri 'none'; default-src 'self' areweasyncyet.rs; object-src 'none'; script-src 'self' 'unsafe-inline'; upgrade-insecure-requests");

Implementations§

Source§

impl ContentSecurityPolicy

Source

pub fn new() -> Self

Create a new instance.

Source

pub fn base_uri<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy base-uri directive

MDN | base-uri

Source

pub fn block_all_mixed_content(&mut self) -> &mut Self

Defines the Content-Security-Policy block-all-mixed-content directive

MDN | block-all-mixed-content

Source

pub fn connect_src<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy connect-src directive

MDN | connect-src

Source

pub fn default_src<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy default-src directive

MDN | default-src

Source

pub fn font_src<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy font-src directive

MDN | font-src

Source

pub fn form_action<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy form-action directive

MDN | form-action

Source

pub fn frame_ancestors<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy frame-ancestors directive

MDN | frame-ancestors

Source

pub fn frame_src<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy frame-src directive

MDN | frame-src

Source

pub fn img_src<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy img-src directive

MDN | img-src

Source

pub fn media_src<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy media-src directive

MDN | media-src

Source

pub fn object_src<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy object-src directive

MDN | object-src

Source

pub fn plugin_types<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy plugin-types directive

MDN | plugin-types

Source

pub fn require_sri_for<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy require-sri-for directive

MDN | require-sri-for

Source

pub fn report_uri<T: AsRef<str>>(&mut self, uri: T) -> &mut Self

Defines the Content-Security-Policy report-uri directive

MDN | report-uri

Source

pub fn report_to(&mut self, endpoints: Vec<ReportTo>) -> &mut Self

Defines the Content-Security-Policy report-to directive

MDN | report-to

Source

pub fn sandbox<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy sandbox directive

MDN | sandbox

Source

pub fn script_src<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy script-src directive

MDN | script-src

Source

pub fn style_src<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy style-src directive

MDN | style-src

Source

pub fn upgrade_insecure_requests(&mut self) -> &mut Self

Defines the Content-Security-Policy upgrade-insecure-requests directive

MDN | upgrade-insecure-requests

Source

pub fn worker_src<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy worker-src directive

MDN | worker-src

Source

pub fn report_only(&mut self) -> &mut Self

Change the header to Content-Security-Policy-Report-Only

Source

pub fn apply(&mut self, headers: impl AsMut<Headers>)

Sets the Content-Security-Policy (CSP) HTTP header to prevent cross-site injections

Trait Implementations§

Source§

impl Clone for ContentSecurityPolicy

Source§

fn clone(&self) -> ContentSecurityPolicy

Returns a duplicate of the value. Read more
1.0.0 (const: unstable) · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for ContentSecurityPolicy

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Default for ContentSecurityPolicy

Source§

fn default() -> Self

Sets the Content-Security-Policy default to “script-src ‘self’; object-src ‘self’”

Source§

impl Eq for ContentSecurityPolicy

Source§

impl PartialEq for ContentSecurityPolicy

Source§

fn eq(&self, other: &ContentSecurityPolicy) -> bool

Equality operator ==. Read more
1.0.0 (const: unstable) · Source§

fn ne(&self, other: &Rhs) -> bool

Inequality operator !=. Read more
Source§

impl StructuralPartialEq for ContentSecurityPolicy

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<ST, DT> CastableFrom<ST, Initialized, Initialized> for DT
where ST: ?Sized, DT: ?Sized,

Source§

impl<ST, DT> CastableFrom<ST, Uninit, Uninit> for DT
where ST: ?Sized, DT: ?Sized,

Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Read<Exclusive, BecauseExclusive> for T
where T: ?Sized,

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V