package content_security_policy

Module Content_security_policy

module Source : sig ... end
module Fetch_type : sig ... end
type t

The type representing a security policy

val sexp_of_t : t -> Sexplib0.Sexp.t
val create : ?report_uri:string -> ?base_uri:Source.t list -> ?form_action:Source.t list -> ?frame_ancestors:Source.t list -> insecure_requests:[ `Block | `Upgrade | `Allow ] -> (Fetch_type.t, Source.t list) Core.List.Assoc.t -> t

Create a Content Security Policy, which can be enforced by using it as a response header. The default behavior for all of the optional parameters is to allow everything (which matches the behavior if you have no CSP). Thus a no-op policy can be created by:

  create ~insecure_requests:`Allow []

A maximally restrictive policy (except for the sandbox directive; see below) can be created by:

  create
    ~base_uri:[]
    ~form_action:[]
    ~frame_ancestors:[]
    ~insecure_requests:`Block
    [Default, [None]]

The sandbox directive isn't exposed because we don't understand how to use it properly. Please contact the library owners if this would be useful to you.

val to_string : t -> string
val header_name : string
val header_name_report_only : string
module Monoid : sig ... end
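
A common way to deploy the maximally restrictive policy above is to send it under the report-only header first, collect violation reports, and then switch to the enforcing header. The sketch below is an added example, not code from the library; it uses only the values listed on this page, takes the `Default` and `None` constructors from the page's own snippet, and assumes a placeholder report endpoint `/csp-report`. How the header pair is attached to a response depends on your web server and is not shown.

```ocaml
open Core
module Csp = Content_security_policy

(* The maximally restrictive policy from this page, with an optional
   endpoint that browsers send violation reports to. *)
let strict_policy ?report_uri () =
  Csp.create
    ?report_uri
    ~base_uri:[]
    ~form_action:[]
    ~frame_ancestors:[]
    ~insecure_requests:`Block
    [ Default, [ None ] ]

(* Build the (name, value) response header for a policy.
   `Report_only makes the browser report violations without blocking;
   `Enforce makes it block them. *)
let header ~mode policy =
  let name =
    match mode with
    | `Enforce -> Csp.header_name
    | `Report_only -> Csp.header_name_report_only
  in
  name, Csp.to_string policy

let () =
  (* "/csp-report" is a placeholder path chosen for this example. *)
  let policy = strict_policy ~report_uri:"/csp-report" () in
  (* Print both forms: roll out with the first, switch to the second
     once the reports show nothing legitimate is being flagged. *)
  List.iter [ `Report_only; `Enforce ] ~f:(fun mode ->
    let name, value = header ~mode policy in
    printf "%s: %s\n" name value)
```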