package content_security_policy

module Source : sig ... end
module Fetch_type : sig ... end
type t

The type representing a security policy

val sexp_of_t : t -> Sexplib0.Sexp.t
val create : ?report_uri:string -> ?base_uri:Source.t list -> ?form_action:Source.t list -> ?frame_ancestors:Source.t list -> insecure_requests:[ `Block | `Upgrade | `Allow ] -> (Fetch_type.t, Source.t list) Core.List.Assoc.t -> t

Create a Content Security Policy, which can be enforced by using it as a response header. The default behavior for all of the optional parameters is to allow everything (which matches the behavior if you have no CSP). Thus a no-op policy can be created by:

create ~insecure_requests:`Allow []

While a maximally restrictive policy (except for the sandbox directive; see below) can be created by:

create
  ~base_uri:[]
  ~form_action:[]
  ~frame_ancestors:[]
  ~insecure_requests:`Block
  [Default, [None]]

The sandbox directive isn't exposed because we don't understand how to use it properly. Please contact the library owners if this would be useful to you.

val to_string : t -> string
val header_name : string
val header_name_report_only : string
module Monoid : sig ... end
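
A staged rollout built only from the values documented above, as an added example that is not part of the library or its documentation: the restrictive policy is first sent under header_name_report_only so violations are reported without blocking, then promoted to header_name. The report endpoint URL and the csp_headers helper are hypothetical; Default and None are written unqualified exactly as in the example above, on the assumption that they resolve to constructors of Fetch_type.t and Source.t.

```ocaml
(* Added example, not library code. Uses only identifiers shown on this page.
   Assumption: [Default] and [None] are constructors of [Fetch_type.t] and
   [Source.t], resolved from the expected argument type as in the page's own
   "maximally restrictive" example. *)
module Csp = Content_security_policy

(* Hypothetical placeholder endpoint that collects violation reports. *)
let report_endpoint = "https://reports.example.invalid/csp"

(* Candidate policy: the maximally restrictive policy from the documentation,
   plus a report URI so violations are visible to the site operator. *)
let candidate : Csp.t =
  Csp.create
    ~report_uri:report_endpoint
    ~base_uri:[]
    ~form_action:[]
    ~frame_ancestors:[]
    ~insecure_requests:`Block
    [ Default, [ None ] ]

(* Header pair to attach to a response (hypothetical helper).
   [`Trial] sends the policy as report-only, so nothing is blocked yet;
   [`Enforce] sends the same policy under the enforcing header name. *)
let csp_headers (stage : [ `Trial | `Enforce ]) : (string * string) list =
  let value = Csp.to_string candidate in
  match stage with
  | `Trial -> [ Csp.header_name_report_only, value ]
  | `Enforce -> [ Csp.header_name, value ]

(* Print the headers for the trial stage, one "Name: value" per line. *)
let () =
  List.iter
    (fun (name, value) -> Printf.printf "%s: %s\n" name value)
    (csp_headers `Trial)
```

Because both stages serialize the same Csp.t value, the policy that was observed in report-only mode is byte-for-byte the policy that later gets enforced.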