yesod-middleware-csp

A middleware for building CSP headers on the fly

LTS Haskell 22.19:	1.2.0
Stackage Nightly 2023-12-26:	1.2.0
Latest on Hackage:	1.2.0

See all snapshots yesod-middleware-csp appears in

MIT licensed and maintained by Jezen Thomas

This version can be pinned in stack with:yesod-middleware-csp-1.2.0@sha256:ec7a041f3e2d3448c2ab9f11ccb00d59d9ecfaee00b109eb2c4889d748625943,2408

Module documentation for 1.2.0

Yesod
- Yesod.Middleware
  - Yesod.Middleware.CSP

Depends on 17 packages(full list with versions):

base, base64-bytestring, bytestring, classy-prelude, conduit, containers, directory, filepath, http-client, network-uri, template-haskell, text, time, uuid, yesod, yesod-core, yesod-static

yesod-middleware-csp

A middleware for building CSP headers on the fly

Deals with CSP without disabling it. This is done by overriding the default yesod provided addScript functionalities and adding a nonce to the tag, and the right headers to the request.

Usage

Because there is no good way of enforcing CSP at typelevel in yesod, It’s best to override classy prelude with your own custom prelude. This allows hiding the addScript functions from there with the ones provided by this library:


-- | Mirrors classy prelude yesod but with our supercede patches
module Supercede.Prelude.Yesod
  ( -- * rexport
    module X
  -- ** use CSP variant instead of yesod's
  , addScriptEither
  , addScript
  , addScriptRemote
  ) where

import Supercede.Prelude as X hiding (delete, deleteBy, Handler (..))
import Yesod as X hiding (addScriptEither, addScript, addScriptRemote, addScriptAttrs, addScriptRemoteAttrs)

import Yesod.Middleware.CSP (addScriptEither, addScript, addScriptRemote)

Then in hlint you can simply dis-recommend usage of classy prelude:

- modules:
  - {name: [ClassyPrelude], message: "Use Supercede.Prelude instead"}
  - {name: [ClassyPrelude.Yesod], message: "Use Supercede.Prelude.Yesod instead"}

How to run tests

cabal configure --enable-tests && cabal build && cabal test

Contributing

PR’s are welcome.

Changes

Revision history for `yesod-middleware-csp`

This format is based on Keep A Changelog.

1.2.0 - 2023-06-14

bump bounds
add upperboudns from cabal-gen-bounds
add stackage ci

1.1.0 - 2022-07-15

Add new directive ManifestSrc

Unreleased

1.0.2 - 2022-07-12

Export the new functions

1.0.1 - 2022-07-12

Add missing extra source files to cabal file

1.0.0 - 2022-07-12

Add Attrs variants of add script.
Add changelog, bump to version 1, upload to hackage

0.0.0 - ???

Initial release on github

yesod-middleware-csp

Module documentation for 1.2.0

yesod-middleware-csp

Usage

How to run tests

Contributing

Changes

Revision history for yesod-middleware-csp

1.2.0 - 2023-06-14

1.1.0 - 2022-07-15

Unreleased

1.0.2 - 2022-07-12

1.0.1 - 2022-07-12

1.0.0 - 2022-07-12

0.0.0 - ???

Revision history for `yesod-middleware-csp`