Struct http_types::security::ContentSecurityPolicy

source · 
pub struct ContentSecurityPolicy { /* private fields */ }
Expand description

Build a Content-Security-Policy header.

Content-Security-Policy (CSP) HTTP headers are used to prevent cross-site injections. Read more

Mozilla Developer Network

Examples

use http_types::{headers, security, Response, StatusCode};

let mut policy = security::ContentSecurityPolicy::new();
policy
    .default_src(security::Source::SameOrigin)
    .default_src("areweasyncyet.rs")
    .script_src(security::Source::SameOrigin)
    .script_src(security::Source::UnsafeInline)
    .object_src(security::Source::None)
    .base_uri(security::Source::None)
    .upgrade_insecure_requests();

let mut res = Response::new(StatusCode::Ok);
res.set_body("Hello, Chashu!");

security::default(&mut res);
policy.apply(&mut res);

assert_eq!(res["content-security-policy"], "base-uri 'none'; default-src 'self' areweasyncyet.rs; object-src 'none'; script-src 'self' 'unsafe-inline'; upgrade-insecure-requests");

Implementations§

source§

impl ContentSecurityPolicy

source

pub fn new() -> Self

Create a new instance.

source

pub fn base_uri<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy base-uri directive

MDN | base-uri

source

pub fn block_all_mixed_content(&mut self) -> &mut Self

Defines the Content-Security-Policy block-all-mixed-content directive

MDN | block-all-mixed-content

source

pub fn connect_src<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy connect-src directive

MDN | connect-src

source

pub fn default_src<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy default-src directive

MDN | default-src

source

pub fn font_src<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy font-src directive

MDN | font-src

source

pub fn form_action<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy form-action directive

MDN | form-action

source

pub fn frame_ancestors<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy frame-ancestors directive

MDN | frame-ancestors

source

pub fn frame_src<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy frame-src directive

MDN | frame-src

source

pub fn img_src<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy img-src directive

MDN | img-src

source

pub fn media_src<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy media-src directive

MDN | media-src

source

pub fn object_src<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy object-src directive

MDN | object-src

source

pub fn plugin_types<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy plugin-types directive

MDN | plugin-types

source

pub fn require_sri_for<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy require-sri-for directive

MDN | require-sri-for

source

pub fn report_uri<T: AsRef<str>>(&mut self, uri: T) -> &mut Self

Defines the Content-Security-Policy report-uri directive

MDN | report-uri

source

pub fn report_to(&mut self, endpoints: Vec<ReportTo>) -> &mut Self

Defines the Content-Security-Policy report-to directive

MDN | report-to

source

pub fn sandbox<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy sandbox directive

MDN | sandbox

source

pub fn script_src<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy script-src directive

MDN | script-src

source

pub fn style_src<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy style-src directive

MDN | style-src

source

pub fn upgrade_insecure_requests(&mut self) -> &mut Self

Defines the Content-Security-Policy upgrade-insecure-requests directive

MDN | upgrade-insecure-requests

source

pub fn worker_src<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy worker-src directive

MDN | worker-src

source

pub fn report_only(&mut self) -> &mut Self

Change the header to Content-Security-Policy-Report-Only

source

pub fn apply(&mut self, headers: impl AsMut<Headers>)

Sets the Content-Security-Policy (CSP) HTTP header to prevent cross-site injections

Trait Implementations§

source§

impl Clone for ContentSecurityPolicy

source§

fn clone(&self) -> ContentSecurityPolicy

Returns a copy of the value. Read more
1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
source§

impl Debug for ContentSecurityPolicy

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
source§

impl Default for ContentSecurityPolicy

source§

fn default() -> Self

Sets the Content-Security-Policy default to “script-src ‘self’; object-src ‘self’”

source§

impl PartialEq<ContentSecurityPolicy> for ContentSecurityPolicy

source§

fn eq(&self, other: &ContentSecurityPolicy) -> bool

This method tests for self and other values to be equal, and is used by ==.
1.0.0 · source§

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
source§

impl Eq for ContentSecurityPolicy

source§

impl StructuralEq for ContentSecurityPolicy

source§

impl StructuralPartialEq for ContentSecurityPolicy

Auto Trait Implementations§

Blanket Implementations§

source§

impl<T> Any for Twhere T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for Twhere T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for Twhere T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T, U> Into<U> for Twhere U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T> ToOwned for Twhere T: Clone,

§

type Owned = T

The resulting type after obtaining ownership.
source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
source§

impl<T, U> TryFrom<U> for Twhere U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for Twhere U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
source§

impl<V, T> VZip<V> for Twhere V: MultiLane<T>,

source§

fn vzip(self) -> V