| CARVIEW |
yesod-middleware-csp: A middleware for building CSP headers on the fly
Deals with CSP without disabling it. This is done by overriding the default yesod provided addScript functionalities and adding a nonce to the tag, and the right headers to the request.
[Skip to Readme]
Downloads
- yesod-middleware-csp-1.2.0.tar.gz [browse] (Cabal source package)
- Package description (as included in the package)
Maintainer's Corner
For package maintainers and hackage trustees
Candidates
| Versions [RSS] | 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.2.0 |
|---|---|
| Change log | changelog.md |
| Dependencies | base (>=4 && <5), base64-bytestring (>=1.0.0 && <1.3), bytestring (>=0.9 && <0.12), classy-prelude (>=1.5.0 && <1.6), conduit (>=1.3.1 && <1.4), containers (>=0.6.0 && <0.7), directory (>=1.3.3 && <1.4), filepath (>=1.4.2 && <1.5), http-client (>=0.6.4 && <0.8), network-uri (>=2.6.1 && <2.7), template-haskell (>=2.14.0 && <3.0), text (>=1.2.3 && <3.0), time (>=1.8.0 && <2.0), uuid (>=1.3.13 && <1.4), yesod (>=1.6.0 && <1.7), yesod-core (>=1.6.16 && <1.7), yesod-static (>=1.6 && <1.7) [details] |
| License | MIT |
| Author | Jezen Thomas <jezen@supercede.com> |
| Maintainer | Jezen Thomas <jezen@supercede.com> |
| Uploaded | by Jappie at 2023-06-14T23:48:00Z |
| Category | Web, Yesod |
| Distributions | |
| Downloads | 501 total (20 in the last 30 days) |
| Rating | (no votes yet) [estimated by Bayesian average] |
| Your Rating |
|
| Status | Docs available [build log] Last success reported on 2023-06-15 [all 1 reports] |
Readme for yesod-middleware-csp-1.2.0
[back to package description]yesod-middleware-csp
A middleware for building CSP headers on the fly
Deals with CSP without disabling it. This is done by overriding the default yesod provided addScript functionalities and adding a nonce to the tag, and the right headers to the request.
Usage
Because there is no good way of enforcing CSP at typelevel in yesod, It's best to override classy prelude with your own custom prelude. This allows hiding the addScript functions from there with the ones provided by this library:
-- | Mirrors classy prelude yesod but with our supercede patches
module Supercede.Prelude.Yesod
( -- * rexport
module X
-- ** use CSP variant instead of yesod's
, addScriptEither
, addScript
, addScriptRemote
) where
import Supercede.Prelude as X hiding (delete, deleteBy, Handler (..))
import Yesod as X hiding (addScriptEither, addScript, addScriptRemote, addScriptAttrs, addScriptRemoteAttrs)
import Yesod.Middleware.CSP (addScriptEither, addScript, addScriptRemote)
Then in hlint you can simply dis-recommend usage of classy prelude:
- modules:
- {name: [ClassyPrelude], message: "Use Supercede.Prelude instead"}
- {name: [ClassyPrelude.Yesod], message: "Use Supercede.Prelude.Yesod instead"}
How to run tests
cabal configure --enable-tests && cabal build && cabal test
Contributing
PR's are welcome.