@hackage yesod-middleware-csp1.3.0

A middleware for building CSP headers on the fly

Categories
- Web Development
License
MIT
Maintainer
Jezen Thomas <jezen@supercede.com>
Lottery factor: 0
Links
Versions
- 1.3.0 Wed, 29 Apr 2026
- 1.2.0 Wed, 14 Jun 2023
- 1.1.0 Fri, 15 Jul 2022
- 1.0.2 Tue, 12 Jul 2022
- 1.0.1 Tue, 12 Jul 2022
- 1.0.0 Tue, 12 Jul 2022

Installation
In your cabal file:
Tested Compilers
- 9.10.3
Dependencies (16)
- base >=4.14 && <5
- base64-bytestring >=1.0.0 && <1.3
- bytestring >=0.10 && <0.13
- conduit >=1.3.1 && <1.4
- containers >=0.6 && <0.8
- directory >=1.3.3 && <1.4
Dependents (0)

yesod-middleware-csp

A middleware for building CSP headers on the fly

Deals with CSP without disabling it. This is done by overriding the default yesod provided addScript functionalities and adding a nonce to the tag, and the right headers to the request.

Usage

Because there is no good way of enforcing CSP at typelevel in yesod, it's best to hide the addScript functions from yesod with the ones provided by this library:

import Yesod hiding (addScript, addScriptRemote)
import Yesod.Middleware.CSP (addScript, addScriptRemote, addCSPMiddleware)

Then wire up the middleware in your Yesod instance:

instance Yesod App where
  yesodMiddleware = addCSPMiddleware

How to run tests

nix build

Contributing

PR's are welcome.

@hackage yesod-middleware-csp1.3.0

Categories

License

Maintainer

Links

Versions

Installation

Tested Compilers

Dependencies (16)

Dependents (0)

yesod-middleware-csp

Usage

How to run tests

Contributing