package content_security_policy

module Hash_algorithm : sig ... end
module Source : sig ... end
module Fetch_type : sig ... end
type t
val sexp_of_t : t -> Sexplib0.Sexp.t
val create :
  ?report_uri:string ->
  ?base_uri:Source.t list ->
  ?form_action:Source.t list ->
  ?frame_ancestors:Source.t list ->
  ?plugin_types:string list ->
  ?require_sri_for_script:unit ->
  ?require_sri_for_style:unit ->
  insecure_requests:[ `Block | `Upgrade | `Allow ] ->
  (Fetch_type.t, Source.t list) Core.List.Assoc.t ->
  t

Create a Content Security Policy, which can be enforced by using it as a response header. The default behavior for all of the optional parameters is to allow everything (which matches the behavior if you have no CSP). Thus a no-op policy can be created by:

create ~insecure_requests:`Allow []

A maximally restrictive policy (except for the sandbox directive; see below) can be created by:

create
  ~base_uri:[]
  ~form_action:[]
  ~frame_ancestors:[]
  ~require_sri_for_script:()
  ~require_sri_for_style:()
  ~insecure_requests:`Block
  [Default, [None]]

The sandbox directive isn't exposed because we don't understand how to use it properly. Please contact the library owners if this would be useful to you.
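
The maximally restrictive policy above sets base_uri, form_action and frame_ancestors explicitly instead of relying on [Default, [None]] alone, because in CSP those three directives do not fall back to default-src. The following is an added example, not part of this library: it uses only the OCaml Stdlib, the function names (parse, locked, gaps) are hypothetical, and the header values are constructed, not output captured from to_string. It reports which of those directives a header value leaves open.

```ocaml
(* Added example: stand-alone, Stdlib only; it does not call
   content_security_policy. *)

(* Directives that do NOT inherit from default-src in CSP. *)
let no_fallback = [ "base-uri"; "form-action"; "frame-ancestors" ]

(* Split a header value into (directive name, source list) pairs.
   When a directive is repeated, only its first occurrence is kept,
   which is how browsers treat duplicates. *)
let parse (value : string) : (string * string list) list =
  String.split_on_char ';' value
  |> List.filter_map (fun part ->
         match
           String.split_on_char ' ' (String.trim part)
           |> List.filter (fun tok -> tok <> "")
         with
         | [] -> None
         | name :: sources -> Some (String.lowercase_ascii name, sources))
  |> List.fold_left
       (fun acc (name, sources) ->
         if List.mem_assoc name acc then acc else acc @ [ (name, sources) ])
       []

(* A directive is locked down when it is present and its source list
   is empty or is exactly 'none'. An absent directive allows everything. *)
let locked policy name =
  match List.assoc_opt name policy with
  | Some [] -> true
  | Some [ s ] -> String.lowercase_ascii s = "'none'"
  | _ -> false

(* Directives left open compared with the maximally restrictive policy. *)
let gaps (value : string) : string list =
  let policy = parse value in
  List.filter (fun d -> not (locked policy d)) ("default-src" :: no_fallback)

let () =
  (* Constructed header values for illustration. *)
  [ "";
    "default-src 'none'";
    "default-src 'none'; base-uri 'none'; form-action 'none'; \
     frame-ancestors 'none'" ]
  |> List.iter (fun v ->
         Printf.printf "%S\n  open: [%s]\n" v (String.concat ", " (gaps v)))
```

A check like this fits in a test that asserts on the value sent under header_name, so that a policy built with only [Default, [None]] is caught before it ships.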

val to_string : t -> string
val header_name : string
val header_name_report_only : string