class Marten::HTTP::ContentSecurityPolicy
- Marten::HTTP::ContentSecurityPolicy
- Reference
- Object
Overview
Represents a Content-Security-Policy response header.
This class can be leveraged to configure the value of the HTTP Content-Security-Policy response header and enhance protection against cross-site scripting (XSS) and injection attacks.
policy = Marten::HTTP::ContentSecurityPolicy.new do |csp|
  csp.default_src = {:self, "example.com"}
end

policy.build # => "default-src 'self' example.com"
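The following added example (not part of the Marten documentation) combines the methods listed on this page: a shared baseline policy is cloned per response, one directive is widened, one is removed with nil, and the header is built with a fresh nonce. The hosts, the BASE_POLICY constant and the csp_for_response helper are hypothetical, and the directive name passed in nonce_directives is assumed to use the hyphenated header form.

```crystal
require "marten"

# Shared baseline policy (hosts are constructed for this example).
BASE_POLICY = Marten::HTTP::ContentSecurityPolicy.new do |csp|
  csp.default_src = :self
  csp.script_src = :self
  csp.img_src = {:self, "images.example.com"}
  csp.base_uri = :self
  csp.form_action = :self
  csp.frame_ancestors = :self
end

# Hypothetical helper: returns {nonce, header value} for one response.
def csp_for_response(calls_api : Bool = false, remote_images : Bool = true) : {String, String}
  # Fresh, unpredictable nonce per response; a reused nonce defeats its purpose.
  nonce = Random::Secure.urlsafe_base64(16)

  # Work on a copy so per-response changes never leak into the baseline.
  policy = BASE_POLICY.clone

  # Widen only the directive this response needs.
  policy.connect_src = {:self, "api.example.com"} if calls_api

  # nil removes img-src, so image loads fall back to default-src.
  policy.img_src = nil unless remote_images

  # Assumption: nonce_directives takes header-style directive names.
  {nonce, policy.build(nonce: nonce, nonce_directives: ["script-src"])}
end

nonce, header = csp_for_response(calls_api: true, remote_images: false)
puts "Content-Security-Policy: #{header}"
puts %(<script nonce="#{nonce}">/* inline script allowed by the nonce */</script>)
```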
Defined in:
marten/http/content_security_policy.cr
Constructors
Instance Method Summary
- #base_uri=(value : Array | Nil | String | Symbol | Tuple)
  Sets the base-uri directive, or removes it if a nil value is specified.
- #block_all_mixed_content=(enabled : Bool)
- #build(nonce : String | Nil = nil, nonce_directives : Array(String) | Nil = nil)
- #child_src=(value : Array | Nil | String | Symbol | Tuple)
  Sets the child-src directive, or removes it if a nil value is specified.
- #clone
- #connect_src=(value : Array | Nil | String | Symbol | Tuple)
  Sets the connect-src directive, or removes it if a nil value is specified.
- #default_src=(value : Array | Nil | String | Symbol | Tuple)
  Sets the default-src directive, or removes it if a nil value is specified.
- #directives : Hash(String, Array(String) | Bool)
  Returns the policy directives.
- #font_src=(value : Array | Nil | String | Symbol | Tuple)
  Sets the font-src directive, or removes it if a nil value is specified.
- #form_action=(value : Array | Nil | String | Symbol | Tuple)
  Sets the form-action directive, or removes it if a nil value is specified.
- #frame_ancestors=(value : Array | Nil | String | Symbol | Tuple)
  Sets the frame-ancestors directive, or removes it if a nil value is specified.
- #frame_src=(value : Array | Nil | String | Symbol | Tuple)
  Sets the frame-src directive, or removes it if a nil value is specified.
- #img_src=(value : Array | Nil | String | Symbol | Tuple)
  Sets the img-src directive, or removes it if a nil value is specified.
- #manifest_src=(value : Array | Nil | String | Symbol | Tuple)
  Sets the manifest-src directive, or removes it if a nil value is specified.
- #media_src=(value : Array | Nil | String | Symbol | Tuple)
  Sets the media-src directive, or removes it if a nil value is specified.
- #navigate_to=(value : Array | Nil | String | Symbol | Tuple)
  Sets the navigate-to directive, or removes it if a nil value is specified.
- #object_src=(value : Array | Nil | String | Symbol | Tuple)
  Sets the object-src directive, or removes it if a nil value is specified.
- #plugin_types=(value : Array | Nil | String | Symbol | Tuple)
  Sets the plugin-types directive, or removes it if a nil value is specified.
- #prefetch_src=(value : Array | Nil | String | Symbol | Tuple)
  Sets the prefetch-src directive, or removes it if a nil value is specified.
- #report_to=(value : Array | Nil | String | Symbol | Tuple)
  Sets the report-to directive, or removes it if a nil value is specified.
- #report_uri=(value : Array | Nil | String | Symbol | Tuple)
  Sets the report-uri directive, or removes it if a nil value is specified.
- #require_sri_for=(value : Array | Nil | String | Symbol | Tuple)
  Sets the require-sri-for directive, or removes it if a nil value is specified.
- #sandbox=(value : Array | Nil | String | Symbol | Tuple)
  Sets the sandbox directive, or removes it if a nil value is specified.
- #script_src=(value : Array | Nil | String | Symbol | Tuple)
  Sets the script-src directive, or removes it if a nil value is specified.
- #script_src_attr=(value : Array | Nil | String | Symbol | Tuple)
  Sets the script-src-attr directive, or removes it if a nil value is specified.
- #script_src_elem=(value : Array | Nil | String | Symbol | Tuple)
  Sets the script-src-elem directive, or removes it if a nil value is specified.
- #style_src=(value : Array | Nil | String | Symbol | Tuple)
  Sets the style-src directive, or removes it if a nil value is specified.
- #style_src_attr=(value : Array | Nil | String | Symbol | Tuple)
  Sets the style-src-attr directive, or removes it if a nil value is specified.
- #style_src_elem=(value : Array | Nil | String | Symbol | Tuple)
  Sets the style-src-elem directive, or removes it if a nil value is specified.
- #upgrade_insecure_requests=(enabled : Bool)
- #worker_src=(value : Array | Nil | String | Symbol | Tuple)
  Sets the worker-src directive, or removes it if a nil value is specified.
Constructor Detail
Instance Method Detail
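#base_uri=(value : Array | Nil | String | Symbol | Tuple)
Sets the base-uri directive, or removes it if a nil value is specified.

#child_src=(value : Array | Nil | String | Symbol | Tuple)
Sets the child-src directive, or removes it if a nil value is specified.

#connect_src=(value : Array | Nil | String | Symbol | Tuple)
Sets the connect-src directive, or removes it if a nil value is specified.

#default_src=(value : Array | Nil | String | Symbol | Tuple)
Sets the default-src directive, or removes it if a nil value is specified.

#font_src=(value : Array | Nil | String | Symbol | Tuple)
Sets the font-src directive, or removes it if a nil value is specified.

#form_action=(value : Array | Nil | String | Symbol | Tuple)
Sets the form-action directive, or removes it if a nil value is specified.

#frame_ancestors=(value : Array | Nil | String | Symbol | Tuple)
Sets the frame-ancestors directive, or removes it if a nil value is specified.

#frame_src=(value : Array | Nil | String | Symbol | Tuple)
Sets the frame-src directive, or removes it if a nil value is specified.

#img_src=(value : Array | Nil | String | Symbol | Tuple)
Sets the img-src directive, or removes it if a nil value is specified.

#manifest_src=(value : Array | Nil | String | Symbol | Tuple)
Sets the manifest-src directive, or removes it if a nil value is specified.

#media_src=(value : Array | Nil | String | Symbol | Tuple)
Sets the media-src directive, or removes it if a nil value is specified.

#object_src=(value : Array | Nil | String | Symbol | Tuple)
Sets the object-src directive, or removes it if a nil value is specified.

#plugin_types=(value : Array | Nil | String | Symbol | Tuple)
Sets the plugin-types directive, or removes it if a nil value is specified.

#prefetch_src=(value : Array | Nil | String | Symbol | Tuple)
Sets the prefetch-src directive, or removes it if a nil value is specified.

#report_to=(value : Array | Nil | String | Symbol | Tuple)
Sets the report-to directive, or removes it if a nil value is specified.

#report_uri=(value : Array | Nil | String | Symbol | Tuple)
Sets the report-uri directive, or removes it if a nil value is specified.

#require_sri_for=(value : Array | Nil | String | Symbol | Tuple)
Sets the require-sri-for directive, or removes it if a nil value is specified.

#sandbox=(value : Array | Nil | String | Symbol | Tuple)
Sets the sandbox directive, or removes it if a nil value is specified.

#script_src=(value : Array | Nil | String | Symbol | Tuple)
Sets the script-src directive, or removes it if a nil value is specified.

#script_src_attr=(value : Array | Nil | String | Symbol | Tuple)
Sets the script-src-attr directive, or removes it if a nil value is specified.

#script_src_elem=(value : Array | Nil | String | Symbol | Tuple)
Sets the script-src-elem directive, or removes it if a nil value is specified.

#style_src=(value : Array | Nil | String | Symbol | Tuple)
Sets the style-src directive, or removes it if a nil value is specified.

#style_src_attr=(value : Array | Nil | String | Symbol | Tuple)
Sets the style-src-attr directive, or removes it if a nil value is specified.

#style_src_elem=(value : Array | Nil | String | Symbol | Tuple)
Sets the style-src-elem directive, or removes it if a nil value is specified.

#worker_src=(value : Array | Nil | String | Symbol | Tuple)
Sets the worker-src directive, or removes it if a nil value is specified.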