@hackage / yesod-middleware-csp

A middleware for building CSP headers on the fly

Latest1.3.0

About

Metadata

  • Last updated , by Valeri
  • License MIT
  • Categories Web Development

  • Maintained by: Jezen Thomas <jezen@supercede.com>

  • Lottery factor: 3

Links

Installation

Tested Compilers

  1. 9.10.3

Readme

yesod-middleware-csp

A middleware for building CSP headers on the fly

Deals with CSP without disabling it. This is done by overriding the default yesod provided addScript functionalities and adding a nonce to the tag, and the right headers to the request.

Usage

Because there is no good way of enforcing CSP at typelevel in yesod, it's best to hide the addScript functions from yesod with the ones provided by this library:

import Yesod hiding (addScript, addScriptRemote)
import Yesod.Middleware.CSP (addScript, addScriptRemote, addCSPMiddleware)

Then wire up the middleware in your Yesod instance:

instance Yesod App where
  yesodMiddleware = addCSPMiddleware

How to run tests

nix build

Contributing

PR's are welcome.