http_types::security

Struct ContentSecurityPolicy

pub struct ContentSecurityPolicy { /* private fields */ }

Expand description

Build a Content-Security-Policy header.

Content-Security-Policy (CSP) HTTP headers are used to prevent cross-site injections. Read more

Mozilla Developer Network

§Examples

use http_types::{headers, security, Response, StatusCode};

let mut policy = security::ContentSecurityPolicy::new();
policy
    .default_src(security::Source::SameOrigin)
    .default_src("areweasyncyet.rs")
    .script_src(security::Source::SameOrigin)
    .script_src(security::Source::UnsafeInline)
    .object_src(security::Source::None)
    .base_uri(security::Source::None)
    .upgrade_insecure_requests();

let mut res = Response::new(StatusCode::Ok);
res.set_body("Hello, Chashu!");

security::default(&mut res);
policy.apply(&mut res);

assert_eq!(res["content-security-policy"], "base-uri 'none'; default-src 'self' areweasyncyet.rs; object-src 'none'; script-src 'self' 'unsafe-inline'; upgrade-insecure-requests");

Implementations§

impl ContentSecurityPolicy

pub fn new() -> Self

Create a new instance.

pub fn base_uri<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy base-uri directive

pub fn block_all_mixed_content(&mut self) -> &mut Self

Defines the Content-Security-Policy block-all-mixed-content directive

MDN | block-all-mixed-content

pub fn connect_src<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy connect-src directive

MDN | connect-src

pub fn default_src<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy default-src directive

MDN | default-src

pub fn font_src<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy font-src directive

pub fn form_action<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy form-action directive

MDN | form-action

pub fn frame_ancestors<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy frame-ancestors directive

MDN | frame-ancestors

pub fn frame_src<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy frame-src directive

MDN | frame-src

pub fn img_src<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy img-src directive

pub fn media_src<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy media-src directive

MDN | media-src

pub fn object_src<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy object-src directive

MDN | object-src

pub fn plugin_types<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy plugin-types directive

MDN | plugin-types

pub fn require_sri_for<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy require-sri-for directive

MDN | require-sri-for

pub fn report_uri<T: AsRef<str>>(&mut self, uri: T) -> &mut Self

Defines the Content-Security-Policy report-uri directive

MDN | report-uri

pub fn report_to(&mut self, endpoints: Vec<ReportTo>) -> &mut Self

Defines the Content-Security-Policy report-to directive

MDN | report-to

pub fn sandbox<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy sandbox directive

pub fn script_src<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy script-src directive

MDN | script-src

pub fn style_src<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy style-src directive

MDN | style-src

pub fn upgrade_insecure_requests(&mut self) -> &mut Self

Defines the Content-Security-Policy upgrade-insecure-requests directive

MDN | upgrade-insecure-requests

pub fn worker_src<T: AsRef<str>>(&mut self, source: T) -> &mut Self

Defines the Content-Security-Policy worker-src directive

MDN | worker-src

pub fn report_only(&mut self) -> &mut Self

Change the header to Content-Security-Policy-Report-Only

pub fn apply(&mut self, headers: impl AsMut<Headers>)

Sets the Content-Security-Policy (CSP) HTTP header to prevent cross-site injections

Trait Implementations§

impl Clone for ContentSecurityPolicy

fn clone(&self) -> ContentSecurityPolicy

Returns a copy of the value. Read more

1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

impl Debug for ContentSecurityPolicy

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

impl Default for ContentSecurityPolicy

fn default() -> Self

Sets the Content-Security-Policy default to “script-src ‘self’; object-src ‘self’”

impl PartialEq for ContentSecurityPolicy

fn eq(&self, other: &ContentSecurityPolicy) -> bool

Tests for self and other values to be equal, and is used by ==.

1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Eq for ContentSecurityPolicy

impl StructuralPartialEq for ContentSecurityPolicy

Auto Trait Implementations§

impl Freeze for ContentSecurityPolicy

impl RefUnwindSafe for ContentSecurityPolicy

impl Send for ContentSecurityPolicy

impl Sync for ContentSecurityPolicy

impl Unpin for ContentSecurityPolicy

impl UnwindSafe for ContentSecurityPolicy

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dst: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)

Performs copy-assignment from self to dst. Read more

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Same for T

type Output = T

Should always be Self

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more

impl<T> ErasedDestructor for T
where T: 'static,

impl<T> MaybeSendSync for T