net.liftweb.http

ContentSecurityPolicy

Related Docs: object ContentSecurityPolicy | package http

final case class ContentSecurityPolicy(defaultSources: List[ContentSourceRestriction] = List(ContentSourceRestriction.Self), connectSources: List[ContentSourceRestriction] = Nil, fontSources: List[ContentSourceRestriction] = Nil, frameSources: List[ContentSourceRestriction] = Nil, imageSources: List[ContentSourceRestriction] = List(ContentSourceRestriction.All), mediaSources: List[ContentSourceRestriction] = Nil, objectSources: List[ContentSourceRestriction] = Nil, scriptSources: List[JavaScriptSourceRestriction] = ..., styleSources: List[StylesheetSourceRestriction] = Nil, reportUri: Option[URI] = ...) extends Product with Serializable

Specifies a Content-Security-Policy for this site. This will be sent to the client in a Content-Security-Policy header when responses are returned from Lift.

In development mode, content security policy violations are reported but not enforced (provided the browser supports content security policies). In all other modes, violations are enforced if the browser supports content security policies.

Note that the X-Webkit-CSP header is NOT specified, due to potentially-broken behavior in iOS 5 and 5.1. This means iOS 6/6.1 will not receive a content security policy that it can understand. See the caniuse page on content security policy for more.

defaultSources

A list of default source restrictions; if one of the other sources parameters is empty, the default sources will apply instead.

connectSources

A list of source restrictions for XMLHttpRequest (AJAX) connections.

fontSources

A list of source restrictions for loading fonts (e.g., from CSS font-face declarations).

frameSources

A list of source restrictions for loading frames and iframes.

imageSources

A list of source restrictions for loading images.

mediaSources

A list of source restrictions for loading media (audio and video).

objectSources

A list of source restrictions for loading object, embed, applet, and related elements.

scriptSources

A list of source restrictions for loading scripts. Also accepts the UnsafeInline and UnsafeEval source restrictions, though these are strongly discouraged.

styleSources

A list of source restrictions for loading styles. Also accepts the UnsafeInline source, though it is strongly discouraged.

reportUri

The URI where any violation of the security policy will be reported. You can set the function that handles these violations in LiftRules.contentSecurityPolicyViolationReport. By default, violations are reported to ContentSecurityPolicy.defaultReportUri. If this is None, violations will not be reported.
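An added example (not part of the Lift documentation or code base): a small audit helper over the case-class fields documented above that flags `All`, `UnsafeInline`, `UnsafeEval` and a missing `reportUri`, taking the `defaultSources` fallback for empty lists into account. `CspAudit` and `findings` are hypothetical names; the code assumes lift-webkit is on the classpath and that `UnsafeInline` and `UnsafeEval` are members of `ContentSourceRestriction`, like `Self` and `All`.

```scala
import net.liftweb.http.{ContentSecurityPolicy, ContentSourceRestriction => Src}

// Hypothetical helper, not part of Lift.
object CspAudit {
  /** Lists the settings this page marks as permissive or discouraged. */
  def findings(p: ContentSecurityPolicy): List[String] = {
    // An empty list inherits defaultSources, so audit the effective list.
    def effective(xs: List[Any]): List[Any] =
      if (xs.isEmpty) p.defaultSources else xs

    val named: List[(String, List[Any])] = List(
      "connectSources" -> p.connectSources, "fontSources" -> p.fontSources,
      "frameSources" -> p.frameSources, "imageSources" -> p.imageSources,
      "mediaSources" -> p.mediaSources, "objectSources" -> p.objectSources,
      "scriptSources" -> p.scriptSources, "styleSources" -> p.styleSources)

    val wildcard = named.collect {
      case (name, xs) if effective(xs).contains(Src.All) =>
        s"$name allows any origin (All)"
    }
    val unsafe = List(
      p.scriptSources.contains(Src.UnsafeInline) -> "scriptSources allows UnsafeInline",
      p.scriptSources.contains(Src.UnsafeEval) -> "scriptSources allows UnsafeEval",
      p.styleSources.contains(Src.UnsafeInline) -> "styleSources allows UnsafeInline"
    ).collect { case (true, msg) => msg }
    val reporting =
      if (p.reportUri.isEmpty) List("reportUri is None: violations are not reported")
      else Nil

    wildcard ++ unsafe ++ reporting
  }

  def main(args: Array[String]): Unit = {
    // Constructed policies: the documented defaults, then a tightened variant.
    val defaults = ContentSecurityPolicy()
    val strict = defaults.copy(
      imageSources = List(Src.Self),
      scriptSources = List(Src.Self))

    println(findings(defaults).mkString("defaults:\n  ", "\n  ", ""))
    println(findings(strict).mkString("strict:\n  ", "\n  ", ""))
    // Headers for the tightened policy, with and without enforcement.
    println(strict.headers(enforce = true))
    println(strict.headers(enforce = false))
  }
}
```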

Linear Supertypes

Serializable, Serializable, Product, Equals, AnyRef, Any

Instance Constructors

  1. new ContentSecurityPolicy(defaultSources: List[ContentSourceRestriction] = List(ContentSourceRestriction.Self), connectSources: List[ContentSourceRestriction] = Nil, fontSources: List[ContentSourceRestriction] = Nil, frameSources: List[ContentSourceRestriction] = Nil, imageSources: List[ContentSourceRestriction] = List(ContentSourceRestriction.All), mediaSources: List[ContentSourceRestriction] = Nil, objectSources: List[ContentSourceRestriction] = Nil, scriptSources: List[JavaScriptSourceRestriction] = ..., styleSources: List[StylesheetSourceRestriction] = Nil, reportUri: Option[URI] = ...)


Value Members

  1. final def !=(arg0: Any): Boolean

    Definition Classes: AnyRef → Any

  2. final def ##(): Int

    Definition Classes: AnyRef → Any

  3. final def ==(arg0: Any): Boolean

    Definition Classes: AnyRef → Any

  4. final def asInstanceOf[T0]: T0

    Definition Classes: Any

  5. def clone(): AnyRef

    Attributes: protected[java.lang]
    Definition Classes: AnyRef
    Annotations: @throws( ... )

  6. val connectSources: List[ContentSourceRestriction]

    A list of source restrictions for XMLHttpRequest (AJAX) connections.

  7. def contentSecurityPolicyString: String

    The string that describes this content security policy in the syntax expected by the Content-Security-Policy header.

  8. val defaultSources: List[ContentSourceRestriction]

    A list of default source restrictions; if one of the other sources parameters is empty, the default sources will apply instead.

  9. final def eq(arg0: AnyRef): Boolean

    Definition Classes: AnyRef

  10. def finalize(): Unit

    Attributes: protected[java.lang]
    Definition Classes: AnyRef
    Annotations: @throws( classOf[java.lang.Throwable] )

  11. val fontSources: List[ContentSourceRestriction]

    A list of source restrictions for loading fonts (e.g., from CSS font-face declarations).

  12. val frameSources: List[ContentSourceRestriction]

    A list of source restrictions for loading frames and iframes.

  13. final def getClass(): Class[_]

    Definition Classes: AnyRef → Any

  14. def headers(enforce: Boolean = true, logViolations: Boolean = true): List[(String, String)]

    Returns the headers implied by this content security policy.

  15. val imageSources: List[ContentSourceRestriction]

    A list of source restrictions for loading images.

  16. final def isInstanceOf[T0]: Boolean

    Definition Classes: Any

  17. val mediaSources: List[ContentSourceRestriction]

    A list of source restrictions for loading media (audio and video).

  18. final def ne(arg0: AnyRef): Boolean

    Definition Classes: AnyRef

  19. final def notify(): Unit

    Definition Classes: AnyRef

  20. final def notifyAll(): Unit

    Definition Classes: AnyRef

  21. val objectSources: List[ContentSourceRestriction]

    A list of source restrictions for loading object, embed, applet, and related elements.

  22. val reportUri: Option[URI]

    The URI where any violation of the security policy will be reported. You can set the function that handles these violations in LiftRules.contentSecurityPolicyViolationReport. By default, violations are reported to ContentSecurityPolicy.defaultReportUri. If this is None, violations will not be reported.

  23. val scriptSources: List[JavaScriptSourceRestriction]

    A list of source restrictions for loading scripts. Also accepts the UnsafeInline and UnsafeEval source restrictions, though these are strongly discouraged.

  24. val styleSources: List[StylesheetSourceRestriction]

    A list of source restrictions for loading styles. Also accepts the UnsafeInline source, though it is strongly discouraged.

  25. final def synchronized[T0](arg0: ⇒ T0): T0

    Definition Classes: AnyRef

  26. final def wait(): Unit

    Definition Classes: AnyRef
    Annotations: @throws( ... )

  27. final def wait(arg0: Long, arg1: Int): Unit

    Definition Classes: AnyRef
    Annotations: @throws( ... )

  28. final def wait(arg0: Long): Unit

    Definition Classes: AnyRef
    Annotations: @throws( ... )
