class Marten::HTTP::ContentSecurityPolicy

Overview

Represents a Content-Security-Policy response header.

This class can be leveraged to configure the value of the HTTP Content-Security-Policy response header and enhance protection against cross-site scripting (XSS) and injection attacks.

policy = Marten::HTTP::ContentSecurityPolicy.new do |csp|
  csp.default_src = {:self, "example.com"}
end

policy.build # => "default-src 'self' example.com"
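The following added example (not part of Marten's own documentation or code) builds a stricter policy with the setters listed on this page and checks the built header value for gaps. `parse_csp`, `audit_csp` and `cdn.example.com` are hypothetical names introduced here. It assumes string sources are emitted as written (as `"example.com"` is above) and that directives in the built value are separated by `;`, as the CSP header syntax requires.

```crystal
require "marten"

# Source expressions that defeat script restrictions when allowed.
RISKY_SOURCES = ["'unsafe-inline'", "'unsafe-eval'", "*", "data:"]

# Parses a header value ("name src src; name src") into a hash.
# Hypothetical helper, not part of Marten.
def parse_csp(header : String) : Hash(String, Array(String))
  parsed = {} of String => Array(String)
  header.split(';') do |part|
    tokens = part.split
    next if tokens.empty?
    name = tokens.shift.downcase
    # Browsers ignore a repeated directive, so keep the first one.
    parsed[name] = tokens unless parsed.has_key?(name)
  end
  parsed
end

# Returns findings for a built policy string. Hypothetical helper.
def audit_csp(header : String) : Array(String)
  directives = parse_csp(header)
  findings = [] of String
  # script-src falls back to default-src when it is absent.
  script = directives["script-src"]? || directives["default-src"]?
  if script.nil?
    findings << "no script-src or default-src: scripts are unrestricted"
  else
    (script & RISKY_SOURCES).each { |s| findings << "script source #{s} is risky" }
  end
  # These directives do not fall back to default-src.
  %w(base-uri frame-ancestors).each do |name|
    findings << "#{name} is not set" unless directives.has_key?(name)
  end
  findings
end

policy = Marten::HTTP::ContentSecurityPolicy.new do |csp|
  csp.default_src = :self
  csp.script_src = {:self, "cdn.example.com"} # constructed host
  # Assumption: a quoted keyword passed as a string is emitted verbatim.
  csp.object_src = "'none'"
  csp.base_uri = :self
  csp.frame_ancestors = "'none'"
end

audit_csp(policy.build).each { |finding| puts finding }
```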

Defined in:

marten/http/content_security_policy.cr

Constructors

Instance Method Summary

Constructor Detail

def self.new(&)

def self.new(directives : Hash(String, Array(String) | Bool))

def self.new

Instance Method Detail

def base_uri=(value : Array | Nil | String | Symbol | Tuple)

Sets the base-uri directive, or removes it if a nil value is specified.


def block_all_mixed_content=(enabled : Bool)

def build(nonce : String | Nil = nil, nonce_directives : Array(String) | Nil = nil)

def child_src=(value : Array | Nil | String | Symbol | Tuple)

Sets the child-src directive, or removes it if a nil value is specified.


def clone

def connect_src=(value : Array | Nil | String | Symbol | Tuple)

Sets the connect-src directive, or removes it if a nil value is specified.


def default_src=(value : Array | Nil | String | Symbol | Tuple)

Sets the default-src directive, or removes it if a nil value is specified.


def directives : Hash(String, Array(String) | Bool)

Returns the policy directives.


def font_src=(value : Array | Nil | String | Symbol | Tuple)

Sets the font-src directive, or removes it if a nil value is specified.


def form_action=(value : Array | Nil | String | Symbol | Tuple)

Sets the form-action directive, or removes it if a nil value is specified.


def frame_ancestors=(value : Array | Nil | String | Symbol | Tuple)

Sets the frame-ancestors directive, or removes it if a nil value is specified.


def frame_src=(value : Array | Nil | String | Symbol | Tuple)

Sets the frame-src directive, or removes it if a nil value is specified.


def img_src=(value : Array | Nil | String | Symbol | Tuple)

Sets the img-src directive, or removes it if a nil value is specified.


def manifest_src=(value : Array | Nil | String | Symbol | Tuple)

Sets the manifest-src directive, or removes it if a nil value is specified.


def media_src=(value : Array | Nil | String | Symbol | Tuple)

Sets the media-src directive, or removes it if a nil value is specified.


def navigate_to=(value : Array | Nil | String | Symbol | Tuple)

Sets the navigate-to directive, or removes it if a nil value is specified.


def object_src=(value : Array | Nil | String | Symbol | Tuple)

Sets the object-src directive, or removes it if a nil value is specified.


def plugin_types=(value : Array | Nil | String | Symbol | Tuple)

Sets the plugin-types directive, or removes it if a nil value is specified.


def prefetch_src=(value : Array | Nil | String | Symbol | Tuple)

Sets the prefetch-src directive, or removes it if a nil value is specified.


def report_to=(value : Array | Nil | String | Symbol | Tuple)

Sets the report-to directive, or removes it if a nil value is specified.


def report_uri=(value : Array | Nil | String | Symbol | Tuple)

Sets the report-uri directive, or removes it if a nil value is specified.


def require_sri_for=(value : Array | Nil | String | Symbol | Tuple)

Sets the require-sri-for directive, or removes it if a nil value is specified.


def sandbox=(value : Array | Nil | String | Symbol | Tuple)

Sets the sandbox directive, or removes it if a nil value is specified.


def script_src=(value : Array | Nil | String | Symbol | Tuple)

Sets the script-src directive, or removes it if a nil value is specified.


def script_src_attr=(value : Array | Nil | String | Symbol | Tuple)

Sets the script-src-attr directive, or removes it if a nil value is specified.


def script_src_elem=(value : Array | Nil | String | Symbol | Tuple)

Sets the script-src-elem directive, or removes it if a nil value is specified.


def style_src=(value : Array | Nil | String | Symbol | Tuple)

Sets the style-src directive, or removes it if a nil value is specified.


def style_src_attr=(value : Array | Nil | String | Symbol | Tuple)

Sets the style-src-attr directive, or removes it if a nil value is specified.


def style_src_elem=(value : Array | Nil | String | Symbol | Tuple)

Sets the style-src-elem directive, or removes it if a nil value is specified.


def upgrade_insecure_requests=(enabled : Bool)

def worker_src=(value : Array | Nil | String | Symbol | Tuple)

Sets the worker-src directive, or removes it if a nil value is specified.

