A list of default source restrictions; if one of the other sources parameters is empty, the default sources will apply instead.
A list of source restrictions for XmlHttpRequest (AJAX) connections.
A list of source restrictions for loading fonts (e.g., from CSS font-face declarations).
A list of source restrictions for loading frames and iframes.
A list of source restrictions for loading images.
A list of source restrictions for loading media (audio and video).
A list of source restrictions for loading object, embed, applet, and related elements.
A list of source restrictions for loading scripts. Also accepts the UnsafeInline and UnsafeEval source restrictions, though these are strongly discouraged.
A list of source restrictions for loading styles. Also accepts the UnsafeInline source, though it is strongly discouraged.
The URI where any violation of the security policy will be reported. You can set the function that handles these violations in LiftRules.contentSecurityPolicyViolationReport. By default, reported to ContentSecurityPolicy.defaultReportUri. If this is None, violations will not be reported.
A list of source restrictions for XmlHttpRequest (AJAX) connections.
The string that describes this content security policy in the syntax expected by the Content-Security-Policy header.
A list of default source restrictions; if one of the other sources parameters is empty, the default sources will apply instead.
A list of source restrictions for loading fonts (e.g., from CSS font-face declarations).
A list of source restrictions for loading frames and iframes.
Returns the headers implied by this content security policy.
A list of source restrictions for loading images.
A list of source restrictions for loading media (audio and video).
A list of source restrictions for loading object, embed, applet, and related elements.
The URI where any violation of the security policy will be reported. You can set the function that handles these violations in LiftRules.contentSecurityPolicyViolationReport. By default, reported to ContentSecurityPolicy.defaultReportUri. If this is None, violations will not be reported.
A list of source restrictions for loading scripts. Also accepts the UnsafeInline and UnsafeEval source restrictions, though these are strongly discouraged.
A list of source restrictions for loading styles. Also accepts the UnsafeInline source, though it is strongly discouraged.
Specifies a Content-Security-Policy for this site. This will be sent to the client in a Content-Security-Policy header when responses are returned from Lift.
In development mode, content security policy violations are only reported if the browser supports them, not enforced. In all other modes, content security policy violations are enforced if the browser supports them.
Note that the X-Webkit-CSP header is NOT specified, due to potentially-broken behavior in iOS 5 and 5.1. This means iOS 6/6.1 will not receive a content security policy that it can understand. See the caniuse page on content security policy for more.
A list of default source restrictions; if one of the other sources parameters is empty, the default sources will apply instead.
A list of source restrictions for XmlHttpRequest (AJAX) connections.
A list of source restrictions for loading fonts (e.g., from CSS font-face declarations).
A list of source restrictions for loading frames and iframes.
A list of source restrictions for loading images.
A list of source restrictions for loading media (audio and video).
A list of source restrictions for loading object, embed, applet, and related elements.
A list of source restrictions for loading scripts. Also accepts the UnsafeInline and UnsafeEval source restrictions, though these are strongly discouraged.
A list of source restrictions for loading styles. Also accepts the UnsafeInline source, though it is strongly discouraged.
The URI where any violation of the security policy will be reported. You can set the function that handles these violations in LiftRules.contentSecurityPolicyViolationReport. By default, reported to ContentSecurityPolicy.defaultReportUri. If this is None, violations will not be reported.
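A configuration sketch for the parameters described above, showing a permissive policy beside a tightened one. This is an added example, not code from the Lift project or this page. The parameter names (defaultSources, scriptSources, and so on), ContentSourceRestriction.Self/Host/None, SecurityRules and LiftRules.securityRules are assumed from Lift 3's net.liftweb.http package, and cdn.example.com is a constructed host.

```scala
import net.liftweb.http.{ContentSecurityPolicy, ContentSourceRestriction, LiftRules, SecurityRules}

object CspSetup {
  // Discouraged: UnsafeInline and UnsafeEval allow inline <script> blocks,
  // inline event handlers and eval(), so markup injected into a page can
  // still execute code despite the policy.
  val permissive: ContentSecurityPolicy = ContentSecurityPolicy(
    scriptSources = List(
      ContentSourceRestriction.Self,
      ContentSourceRestriction.UnsafeInline,
      ContentSourceRestriction.UnsafeEval
    ),
    styleSources = List(
      ContentSourceRestriction.Self,
      ContentSourceRestriction.UnsafeInline
    )
  )

  // Tightened: scripts only from this origin and one named CDN host
  // (constructed), no inline or eval. connectSources, fontSources,
  // frameSources and mediaSources are left empty, so the default sources
  // (Self) apply to them instead.
  val strict: ContentSecurityPolicy = ContentSecurityPolicy(
    defaultSources = List(ContentSourceRestriction.Self),
    scriptSources = List(
      ContentSourceRestriction.Self,
      ContentSourceRestriction.Host("https://cdn.example.com")
    ),
    styleSources = List(ContentSourceRestriction.Self),
    imageSources = List(ContentSourceRestriction.Self),
    // Block object, embed, applet and related elements entirely.
    objectSources = List(ContentSourceRestriction.None),
    // Keep violation reporting on; scala.None here would disable reports.
    reportUri = Some(ContentSecurityPolicy.defaultReportUri)
  )

  // Call from Boot.boot. Lift then sends the policy with its responses:
  // report-only in development mode, enforced in all other modes.
  def install(): Unit = {
    LiftRules.securityRules = () => SecurityRules(content = Some(strict))
  }
}
```

Running the strict policy in development mode first surfaces violation reports for any inline scripts or third-party hosts the application still depends on, before other run modes start enforcing it.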