-
-
29 Oct 2018 22:23:06 UTC
- Distribution: Mojolicious-Plugin-CSPHeader
- Module version: 0.06
- Source (raw)
- Browse (raw)
- Changes
- How to Contribute
- Repository
- Issues (2)
- Testers (568 / 0 / 0)
- Kwalitee
Bus factor: 1- 37.29% Coverage
- License: perl_5
24 month- Download (11.18KB)
- MetaCPAN Explorer
- Permissions
- Subscribe to distribution
- This version
- Latest version
NAME
Mojolicious::Plugin::CSPHeader - Mojolicious Plugin to add Content-Security-Policy header to every HTTP response.
SYNOPSIS
# Mojolicious $self->plugin('CSPHeader', csp => "default-src 'none'; font-src 'self'; img-src 'self' data:; style-src 'self'"); # or $self->plugin('CSPHeader', directives => { 'default-src' => "'none'", 'font-src' => "'self'", 'img-src' => "'self' data:", 'style-src' => "'self'" }); # Allow a websocket connection to the current host $self->plugin('CSPHeader', directives => { 'connect-src' => { base => "'self'", ws => 1 } }); # Mojolicious::Lite plugin 'CSPHeader', csp => "default-src 'none'; font-src 'self'; img-src 'self' data:; style-src 'self'"; # or plugin 'CSPHeader', directives => { 'default-src' => "'none'", 'font-src' => "'self'", 'img-src' => "'self' data:", 'style-src' => "'self'" };DESCRIPTION
Mojolicious::Plugin::CSPHeader is a Mojolicious plugin which adds Content-Security-Policy header to every HTTP response.
To know what should be the CSP header to add to your site, you can use this Firefox addon: https://addons.mozilla.org/fr/firefox/addon/laboratory-by-mozilla/.
https://content-security-policy.com/ provides a good documentation about CSP.
https://report-uri.com/home/generate provides a tool to generate a CSP header.
This plugin will warn you in Mojolicious info log if you use the "directives" syntax and use experimental or deprecated directives. The list of experimental and deprecated directives is based on https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP as seen on 28 April 2018.
If you want to use the "directives" syntax and add some directive that this plugin doesn't know, put those new directives in a "extra" hash like this:
$self->plugin('CSPHeader', directives => { 'default-src' => "'none'", }, extra => { 'foo-src' => "'self'" });Please note that the "csp" syntax takes precedence over the "directives" syntax. Don't use both.
METHODS
Mojolicious::Plugin::CSPHeader inherits all methods from Mojolicious::Plugin and implements the following new ones.
register
$plugin->register(Mojolicious->new);Register plugin in Mojolicious application.
BUGS and SUPPORT
The latest source code can be browsed and fetched at:
https://framagit.org/luc/mojolicious-plugin-cspheader git clone https://framagit.org/luc/mojolicious-plugin-cspheader.gitBugs and feature requests will be tracked at:
https://framagit.org/luc/mojolicious-plugin-cspheader/issuesAUTHOR
Luc DIDRY CPAN ID: LDIDRY ldidry@cpan.org https://fiat-tux.fr/COPYRIGHT
This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
The full text of the license can be found in the LICENSE file included with this module.
SEE ALSO
Mojolicious, Mojolicious::Guides, http://mojolicious.org, https://www.w3.org/TR/CSP/
