Packages

final case class ContentSecurityPolicy(defaultSources: List[ContentSourceRestriction] = List(ContentSourceRestriction.Self), connectSources: List[ContentSourceRestriction] = Nil, fontSources: List[ContentSourceRestriction] = Nil, frameSources: List[ContentSourceRestriction] = Nil, imageSources: List[ContentSourceRestriction] = List(ContentSourceRestriction.All), mediaSources: List[ContentSourceRestriction] = Nil, objectSources: List[ContentSourceRestriction] = Nil, scriptSources: List[JavaScriptSourceRestriction] = List( ContentSourceRestriction.UnsafeEval, ContentSourceRestriction.Self ), styleSources: List[StylesheetSourceRestriction] = Nil, reportUri: Option[URI] = Some(ContentSecurityPolicy.defaultReportUri)) extends Product with Serializable

Specifies a Content-Security-Policy for this site. This will be sent to the client in a Content-Security-Policy header when responses are returned from Lift.

In development mode, content security policy violations are only reported if the browser supports them, not enforced. In all other modes, content security policy violations are enforced if the browser supports them.

Note that the X-Webkit-CSP header is NOT specified, due to potentially-broken behavior in iOS 5 and 5.1. This means iOS 6/6.1 will not receive a content security policy that it can understand. See the caniuse page on content security policy for more.

defaultSources

A list of default source restrictions; if one of the other sources parameters is empty, the default sources will apply instead.

connectSources

A list of source restrictions for XmlHttpRequest (AJAX) connections.

fontSources

A list of source restrictions for loading fonts (e.g., from CSS font-face declarations).

frameSources

A list of source restrictions for loading frames and iframes.

imageSources

A list of source restrictions for loading images.

mediaSources

A list of source restrictions for loading media (audio and video).

objectSources

A list of source restrictions for loading object, embed, applet, and related elements.

scriptSources

A list of source restrictions for loading scripts. Also accepts the UnsafeInline and UnsafeEval source restrictions, though these are strongly discouraged.

styleSources

A list of source restrictions for loading styles. Also accepts the UnsafeInline source, though it is strongly discouraged.

reportUri

The URI where any violation of the security policy will be reported. You can set the function that handles these violations in LiftRules.contentSecurityPolicyViolationReport. By default, reported to ContentSecurityPolicy.defaultReportUri. If this is None, violations will not be reported.

Linear Supertypes
Serializable, Product, Equals, AnyRef, Any
Ordering
  1. Alphabetic
  2. By Inheritance
Inherited
  1. ContentSecurityPolicy
  2. Serializable
  3. Product
  4. Equals
  5. AnyRef
  6. Any
  1. Hide All
  2. Show All
Visibility
  1. Public
  2. Protected

Instance Constructors

  1. new ContentSecurityPolicy(defaultSources: List[ContentSourceRestriction] = List(ContentSourceRestriction.Self), connectSources: List[ContentSourceRestriction] = Nil, fontSources: List[ContentSourceRestriction] = Nil, frameSources: List[ContentSourceRestriction] = Nil, imageSources: List[ContentSourceRestriction] = List(ContentSourceRestriction.All), mediaSources: List[ContentSourceRestriction] = Nil, objectSources: List[ContentSourceRestriction] = Nil, scriptSources: List[JavaScriptSourceRestriction] = List( ContentSourceRestriction.UnsafeEval, ContentSourceRestriction.Self ), styleSources: List[StylesheetSourceRestriction] = Nil, reportUri: Option[URI] = Some(ContentSecurityPolicy.defaultReportUri))

    defaultSources

    A list of default source restrictions; if one of the other sources parameters is empty, the default sources will apply instead.

    connectSources

    A list of source restrictions for XmlHttpRequest (AJAX) connections.

    fontSources

    A list of source restrictions for loading fonts (e.g., from CSS font-face declarations).

    frameSources

    A list of source restrictions for loading frames and iframes.

    imageSources

    A list of source restrictions for loading images.

    mediaSources

    A list of source restrictions for loading media (audio and video).

    objectSources

    A list of source restrictions for loading object, embed, applet, and related elements.

    scriptSources

    A list of source restrictions for loading scripts. Also accepts the UnsafeInline and UnsafeEval source restrictions, though these are strongly discouraged.

    styleSources

    A list of source restrictions for loading styles. Also accepts the UnsafeInline source, though it is strongly discouraged.

    reportUri

    The URI where any violation of the security policy will be reported. You can set the function that handles these violations in LiftRules.contentSecurityPolicyViolationReport. By default, reported to ContentSecurityPolicy.defaultReportUri. If this is None, violations will not be reported.

Value Members

  1. final def !=(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  2. final def ##: Int
    Definition Classes
    AnyRef → Any
  3. final def ==(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  4. final def asInstanceOf[T0]: T0
    Definition Classes
    Any
  5. def clone(): AnyRef
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.CloneNotSupportedException]) @native()
  6. val connectSources: List[ContentSourceRestriction]
  7. def contentSecurityPolicyString: String

    The string that describes this content security policy in the syntax expected by the Content-Security-Policy header.

  8. val defaultSources: List[ContentSourceRestriction]
  9. final def eq(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  10. def finalize(): Unit
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.Throwable])
  11. val fontSources: List[ContentSourceRestriction]
  12. val frameSources: List[ContentSourceRestriction]
  13. final def getClass(): Class[_ <: AnyRef]
    Definition Classes
    AnyRef → Any
    Annotations
    @native()
  14. def headers(enforce: Boolean = true, logViolations: Boolean = true): List[(String, String)]

    Returns the headers implied by this content security policy.

  15. val imageSources: List[ContentSourceRestriction]
  16. final def isInstanceOf[T0]: Boolean
    Definition Classes
    Any
  17. val mediaSources: List[ContentSourceRestriction]
  18. final def ne(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  19. final def notify(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native()
  20. final def notifyAll(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native()
  21. val objectSources: List[ContentSourceRestriction]
  22. def productElementNames: Iterator[String]
    Definition Classes
    Product
  23. val reportUri: Option[URI]
  24. val scriptSources: List[JavaScriptSourceRestriction]
  25. val styleSources: List[StylesheetSourceRestriction]
  26. final def synchronized[T0](arg0: => T0): T0
    Definition Classes
    AnyRef
  27. final def wait(): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])
  28. final def wait(arg0: Long, arg1: Int): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])
  29. final def wait(arg0: Long): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException]) @native()

Inherited from Serializable

Inherited from Product

Inherited from Equals

Inherited from AnyRef

Inherited from Any

Ungrouped