Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AllowDirective ¶
type AllowDirective struct{}
AllowDirective always allows access to the context.
func (AllowDirective) Check ¶
func (AllowDirective) Check(Policy, SourceContext) (bool, error)
Check implements Directive.
type Directive ¶
type Directive interface { // Check the context and return whether or not it's allowed. Check(Policy, SourceContext) (bool, error) }
Directive is a rule for a CSP directive.
type HashSource ¶
HashSource is a SourceDirective rule that matches the hash of content.
func (HashSource) Check ¶
func (s HashSource) Check(ctx SourceContext) (bool, error)
Check if the ctx hash matches this hash.
type Policy ¶
type Policy struct { Directives map[string]Directive UpgradeInsecureRequests bool BlockAllMixedContent bool }
Policy represents the entire CSP policy and its directives.
func ParsePolicy ¶
ParsePolicy parses all the directives in a CSP policy.
type Report ¶
type Report struct { Document string Blocked string DirectiveName string Directive Directive Context SourceContext }
Report contains information about a CSP violation.
func ValidatePage ¶
ValidatePage checks that an HTML page passes the specified CSP policy.
type SourceContext ¶
type SourceContext struct { URL url.URL Page url.URL UnsafeInline bool UnsafeEval bool Nonce string Body []byte }
SourceContext is the context required by a CSP policy.
type SourceDirective ¶
type SourceDirective struct { None bool Nonces map[string]bool Hashes []HashSource UnsafeEval bool UnsafeInline bool Self bool Schemes map[string]bool Hosts []glob.Glob // contains filtered or unexported fields }
SourceDirective is used to enforce a CSP source policy on a URL.
func ParseSourceDirective ¶
func ParseSourceDirective(sources []string) (SourceDirective, error)
ParseSourceDirective parses a source directive arguments.
func (SourceDirective) Check ¶
func (s SourceDirective) Check(p Policy, ctx SourceContext) (bool, error)
Check that the SourceContext is allowed for this SourceDirective.
func (*SourceDirective) ParseSource ¶
func (s *SourceDirective) ParseSource(source string) error
ParseSource parses a source and adds it to the SourceDirective.
func (*SourceDirective) Validate ¶
func (s *SourceDirective) Validate() error
Validate checks the source policy to make sure it's valid.