Crate content_security_policy
source ยทExpand description
Parse and validate Web Content-Security-Policy level 3
ยงExample
extern crate content_security_policy;
use content_security_policy::*;
fn main() {
let csp_list = CspList::parse("script-src *.notriddle.com", PolicySource::Header, PolicyDisposition::Enforce);
let (check_result, _) = csp_list.should_request_be_blocked(&Request {
url: Url::parse("https://www.notriddle.com/script.js").unwrap(),
origin: Origin::Tuple("https".to_string(), url::Host::Domain("notriddle.com".to_owned()), 443),
redirect_count: 0,
destination: Destination::Script,
initiator: Initiator::None,
nonce: String::new(),
integrity_metadata: String::new(),
parser_metadata: ParserMetadata::None,
});
assert_eq!(check_result, CheckResult::Allowed);
let (check_result, _) = csp_list.should_request_be_blocked(&Request {
url: Url::parse("https://www.evil.example/script.js").unwrap(),
origin: Origin::Tuple("https".to_string(), url::Host::Domain("notriddle.com".to_owned()), 443),
redirect_count: 0,
destination: Destination::Script,
initiator: Initiator::None,
nonce: String::new(),
integrity_metadata: String::new(),
parser_metadata: ParserMetadata::None,
});
assert_eq!(check_result, CheckResult::Blocked);
}Re-exportsยง
pub extern crate percent_encoding;pub extern crate url;
Modulesยง
- text_
util ๐
Structsยง
- https://www.w3.org/TR/CSP/#csp-list
- https://www.w3.org/TR/CSP/#directives
- https://www.w3.org/TR/SRI/#integrity-metadata
- A single parsed content security policy.
- request to be validated
- response to be validated https://fetch.spec.whatwg.org/#concept-response
- Source
List ๐https://www.w3.org/TR/CSP/#framework-directive-source-list - A parsed URL record.
- violation information
Enumsยง
- Allow
Result ๐https://www.w3.org/TR/CSP/#allow-all-inline - Many algorithms are allowed to return either โAllowedโ or โBlockedโ. The spec describes these as strings.
- The valid values for type are โscriptโ, โscript attributeโ, โstyleโ, and โstyle attributeโ.
- https://www.w3.org/TR/CSP/#match-element-to-source-list
- The origin of an URL
- https://www.w3.org/TR/CSP/#policy-disposition
- https://www.w3.org/TR/CSP/#policy-source
- https://www.w3.org/TR/SRI/#parse-metadata
- https://www.w3.org/TR/CSP/#does-request-violate-policy
- violation information
Staticsยง
- https://www.w3.org/TR/CSP/#grammardef-directive-name
- https://www.w3.org/TR/CSP/#grammardef-directive-value
- HASH_
SOURC ๐E_ GRAMMAR https://www.w3.org/TR/CSP/#grammardef-hash-source - HOST_
SOURC ๐E_ GRAMMAR https://www.w3.org/TR/CSP/#grammardef-host-source - NONC
E_ ๐SOURC E_ GRAMMAR https://www.w3.org/TR/CSP/#grammardef-nonce-source - NONE_
SOURC ๐E_ GRAMMAR - https://www.w3.org/TR/CSP/#grammardef-scheme-source
- https://www.w3.org/TR/SRI/#the-integrity-attribute This corresponds to the โhash-expressionโ grammar.
Functionsยง
- default_
port ๐ - default_
port_ ๐str - https://www.w3.org/TR/CSP/#match-url-to-source-expression
- https://www.w3.org/TR/CSP/#directive-fallback-list
- https://www.w3.org/TR/CSP/#effective-directive-for-inline-check
- https://www.w3.org/TR/CSP/#effective-directive-for-a-request
- host_
part_ ๐match https://www.w3.org/TR/CSP/#match-hosts - https://www.w3.org/TR/SRI/#parse-metadata
- path_
part_ ๐match https://www.w3.org/TR/CSP/#match-paths - port_
part_ ๐match https://www.w3.org/TR/CSP/#match-ports - https://fetch.spec.whatwg.org/#request-destination-script-like
- scheme_
is_ ๐httpx - scheme_
is_ ๐network - scheme_
part_ ๐match https://www.w3.org/TR/CSP/#match-schemes - https://www.w3.org/TR/CSP/#script-post-request
- https://www.w3.org/TR/CSP/#script-pre-request
- https://www.w3.org/TR/CSP/#should-directive-execute
- url_
port ๐