object ContentSourceRestriction
- Alphabetic
- By Inheritance
- ContentSourceRestriction
- AnyRef
- Any
- Hide All
- Show All
- Public
- All
Type Members
-
case class
Host
(hostAndPath: String) extends GeneralSourceRestriction with Product with Serializable
Indicates content from the given host path is allowed.
Indicates content from the given host path is allowed. See the
Content-Security-Policy
spec's matching rules forhost-source
for more about what this can look like.Example:
Host("https://base.*.example.com")
-
case class
Scheme
(scheme: String) extends GeneralSourceRestriction with Product with Serializable
Indicates content from the given scheme is allowed.
Indicates content from the given scheme is allowed. The scheme should not include the trailing
:
.Example:
Scheme("data")
Value Members
-
final
def
!=(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
-
final
def
##(): Int
- Definition Classes
- AnyRef → Any
-
final
def
==(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
-
final
def
asInstanceOf[T0]: T0
- Definition Classes
- Any
-
def
clone(): AnyRef
- Attributes
- protected[java.lang]
- Definition Classes
- AnyRef
- Annotations
- @throws( ... )
-
final
def
eq(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
-
def
equals(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
-
def
finalize(): Unit
- Attributes
- protected[java.lang]
- Definition Classes
- AnyRef
- Annotations
- @throws( classOf[java.lang.Throwable] )
-
final
def
getClass(): Class[_]
- Definition Classes
- AnyRef → Any
-
def
hashCode(): Int
- Definition Classes
- AnyRef → Any
-
final
def
isInstanceOf[T0]: Boolean
- Definition Classes
- Any
-
final
def
ne(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
-
final
def
notify(): Unit
- Definition Classes
- AnyRef
-
final
def
notifyAll(): Unit
- Definition Classes
- AnyRef
-
final
def
synchronized[T0](arg0: ⇒ T0): T0
- Definition Classes
- AnyRef
-
def
toString(): String
- Definition Classes
- AnyRef → Any
-
final
def
wait(): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws( ... )
-
final
def
wait(arg0: Long, arg1: Int): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws( ... )
-
final
def
wait(arg0: Long): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws( ... )
-
object
All
extends GeneralSourceRestriction with Product with Serializable
Indicates content from all sources is allowed.
-
object
None
extends GeneralSourceRestriction with Product with Serializable
Indicates content from no sources is allowed.
-
object
Self
extends GeneralSourceRestriction with Product with Serializable
Indicates content from the same origin as the content is allowed.
-
object
UnsafeEval
extends JavaScriptSourceRestriction with Product with Serializable
Indicates
eval
and related functionality can be used.Indicates
eval
and related functionality can be used. Some of Lift's functionality, includingidMemoize
and comet handling, relies on eval, so not including this in your script sources will mean you won't be able to use those.If not specified for JavaScript, invoking
eval
, theFunction
constructor, orsetTimeout
/setInterval
with a string parameter will all throw security exceptions in a browser that supports content security policies. -
object
UnsafeInline
extends JavaScriptSourceRestriction with StylesheetSourceRestriction with Product with Serializable
Indicates inline content on the page is allowed to be interpreted.
Indicates inline content on the page is allowed to be interpreted. It is highly recommended that this not be used, as it exposes your application to cross-site scripting and other vulnerabilities.
If not specified for JavaScript, JavaScript
on*
event handler attributes,<script>
elements, andjavascript:
URIs will not be executed by a browser that supports content security policies.If not specified for stylesheets,
<style>
elements and inlinestyle
attributes will not be read by a browser that supports content security policies.