package content_security_policy

  1. Overview
  2. Docs
package content_security_policy
Legend:
Library
Module
Module type
Parameter
Class
Class type
module Hash_algorithm : sig ... end
module Source : sig ... end
module Fetch_type : sig ... end
type t
val sexp_of_t : t -> Sexplib0.Sexp.t
val create : ?report_uri:string -> ?base_uri:Source.t list -> ?form_action:Source.t list -> ?frame_ancestors:Source.t list -> ?plugin_types:string list -> ?require_sri_for_script:unit -> ?require_sri_for_style:unit -> insecure_requests:[ `Block | `Upgrade | `Allow ] -> (Fetch_type.t, Source.t list) Core.List.Assoc.t -> t

Create a Content Security Policy, which can be enforced by using it as a response header. The default behavior for all of the optional parameters is to allow everything (which matches the behavior if you have no CSP). Thus a no-op policy can be created by:

create ~insecure_requests:`Allow []

While a maximally restrictive policy (except for the sandbox directive; see below) can be created by:

create
  ~base_uri:[]
  ~form_action:[]
  ~frame_ancestors:[]
  ~require_sri_for_script:()
  ~require_sri_for_style:()
  ~insecure_requests:`Block
  [Default, [None]]

The sandbox directive isn't exposed because we don't understand how to use it properly. Please contact the library owners if this would be useful to you.

val to_string : t -> string
val header_name : string
val header_name_report_only : string
OCaml

Innovation. Community. Security.

GitHub Discord Twitter Peertube RSS
About
Changelog Releases Industrial Users Academic Users Why OCaml
Ecosystem
Packages Community Events OCaml Planet Jobs
Resources
Install OCaml Get Started Platform Tools Language Manual Standard Library API Books Exercises Papers OCaml Playground Logo
Policies
Carbon Footprint Governance Privacy Code of Conduct