-
-
29 Oct 2018 22:23:06 UTC
- Distribution: Mojolicious-Plugin-CSPHeader
- Module version: 0.06
- Source (raw)
- Browse (raw)
- Changes
- How to Contribute
- Repository
- Issues (2)
- Testers (568 / 0 / 0)
- Kwalitee
Bus factor: 1- 37.29% Coverage
- License: perl_5
- Activity
24 month- Tools
- Download (11.18KB)
- MetaCPAN Explorer
- Permissions
- Subscribe to distribution
- Permalinks
- This version
- Latest version
- Dependencies
- Mojolicious
- and possibly others
- Reverse dependencies
- CPAN Testers List
- Dependency graph
NAME
Mojolicious::Plugin::CSPHeader - Mojolicious Plugin to add Content-Security-Policy header to every HTTP response.
SYNOPSIS
# Mojolicious $self->plugin('CSPHeader', csp => "default-src 'none'; font-src 'self'; img-src 'self' data:; style-src 'self'"); # or $self->plugin('CSPHeader', directives => { 'default-src' => "'none'", 'font-src' => "'self'", 'img-src' => "'self' data:", 'style-src' => "'self'" }); # Allow a websocket connection to the current host $self->plugin('CSPHeader', directives => { 'connect-src' => { base => "'self'", ws => 1 } }); # Mojolicious::Lite plugin 'CSPHeader', csp => "default-src 'none'; font-src 'self'; img-src 'self' data:; style-src 'self'"; # or plugin 'CSPHeader', directives => { 'default-src' => "'none'", 'font-src' => "'self'", 'img-src' => "'self' data:", 'style-src' => "'self'" };
DESCRIPTION
Mojolicious::Plugin::CSPHeader is a Mojolicious plugin which adds Content-Security-Policy header to every HTTP response.
To know what should be the CSP header to add to your site, you can use this Firefox addon: https://addons.mozilla.org/fr/firefox/addon/laboratory-by-mozilla/.
https://content-security-policy.com/ provides a good documentation about CSP.
https://report-uri.com/home/generate provides a tool to generate a CSP header.
This plugin will warn you in Mojolicious info log if you use the "directives" syntax and use experimental or deprecated directives. The list of experimental and deprecated directives is based on https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP as seen on 28 April 2018.
If you want to use the "directives" syntax and add some directive that this plugin doesn't know, put those new directives in a "extra" hash like this:
$self->plugin('CSPHeader', directives => { 'default-src' => "'none'", }, extra => { 'foo-src' => "'self'" });
Please note that the "csp" syntax takes precedence over the "directives" syntax. Don't use both.
METHODS
Mojolicious::Plugin::CSPHeader inherits all methods from Mojolicious::Plugin and implements the following new ones.
register
$plugin->register(Mojolicious->new);
Register plugin in Mojolicious application.
BUGS and SUPPORT
The latest source code can be browsed and fetched at:
https://framagit.org/luc/mojolicious-plugin-cspheader git clone https://framagit.org/luc/mojolicious-plugin-cspheader.git
Bugs and feature requests will be tracked at:
https://framagit.org/luc/mojolicious-plugin-cspheader/issues
AUTHOR
Luc DIDRY CPAN ID: LDIDRY ldidry@cpan.org https://fiat-tux.fr/
COPYRIGHT
This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
The full text of the license can be found in the LICENSE file included with this module.
SEE ALSO
Mojolicious, Mojolicious::Guides, http://mojolicious.org, https://www.w3.org/TR/CSP/
Module Install Instructions
To install Mojolicious::Plugin::CSPHeader, copy and paste the appropriate command in to your terminal.
cpanm Mojolicious::Plugin::CSPHeader
perl -MCPAN -e shell install Mojolicious::Plugin::CSPHeader
For more information on module installation, please visit the detailed CPAN module installation guide.