Documentation
¶
Index ¶
- Constants
- type Builder
- func (b *Builder) Add(directive string, values ...string) *Builder
- func (b *Builder) AddHash(directive, content, algorithm string) *Builder
- func (b *Builder) AddNonce(directive string) *Builder
- func (b *Builder) AddNonceToScriptAndStyle() *Builder
- func (b *Builder) AddReporting(endpoint string) *Builder
- func (b *Builder) AddStrictDynamic() *Builder
- func (b *Builder) AllowUnsafeEval(directive string) *Builder
- func (b *Builder) AllowUnsafeInline(directive string) *Builder
- func (b *Builder) BlockAllMixedContent() *Builder
- func (b *Builder) EnableUpgradeInsecureRequests() *Builder
- func (b *Builder) RequireSRI(directive string, require bool) *Builder
- func (b *Builder) SetNonce(nonce string) *Builder
- func (b *Builder) SetReportEndpoint(endpoint string) *Builder
- func (b *Builder) SetReportOnly(reportOnly bool) *Builder
- func (b *Builder) String() string
- func (b *Builder) ToHeader() (string, string)
Constants ¶
View Source
const ( HashAlgoSha256 = "sha256" HashAlgoSha384 = "sha384" HashAlgoSha512 = "sha512" )
哈希算法类型
View Source
const ( // 获取指令 DirectiveDefaultSrc = "default-src" DirectiveScriptSrc = "script-src" DirectiveScriptSrcElem = "script-src-elem" DirectiveScriptSrcAttr = "script-src-attr" DirectiveStyleSrc = "style-src" DirectiveStyleSrcElem = "style-src-elem" DirectiveStyleSrcAttr = "style-src-attr" DirectiveImgSrc = "img-src" DirectiveConnectSrc = "connect-src" DirectiveFontSrc = "font-src" DirectiveObjectSrc = "object-src" DirectiveMediaSrc = "media-src" DirectiveFrameSrc = "frame-src" DirectiveWorkerSrc = "worker-src" DirectiveManifestSrc = "manifest-src" DirectiveChildSrc = "child-src" DirectivePrefetchSrc = "prefetch-src" // 文档指令 DirectiveBaseURI = "base-uri" DirectiveSandbox = "sandbox" DirectiveFormAction = "form-action" DirectiveFrameAncestors = "frame-ancestors" // 报告指令 DirectiveReportURI = "report-uri" DirectiveReportTo = "report-to" // 其他指令 DirectiveRequireSriFor = "require-sri-for" DirectiveUpgradeInsecureRequests = "upgrade-insecure-requests" DirectiveBlockAllMixedContent = "block-all-mixed-content" DirectiveTrustedTypes = "trusted-types" DirectiveTreatAsPublicAddress = "treat-as-public-address" )
CSP指令类型
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Builder ¶
type Builder struct {
// contains filtered or unexported fields
}
CSPBuilder 用于构建内容安全策略的生成器
func (*Builder) AddNonceToScriptAndStyle ¶
AddNonceToScriptAndStyle 添加nonce到脚本和样式指令
func (*Builder) AddReporting ¶
AddReporting 添加报告配置
func (*Builder) AddStrictDynamic ¶
AddStrictDynamic 添加strict-dynamic到脚本指令
func (*Builder) AllowUnsafeEval ¶
AllowUnsafeEval 添加unsafe-eval到指令
func (*Builder) AllowUnsafeInline ¶
AllowUnsafeInline 添加unsafe-inline到指令
func (*Builder) BlockAllMixedContent ¶
BlockAllMixedContent 阻止所有混合内容
func (*Builder) EnableUpgradeInsecureRequests ¶
EnableUpgradeInsecureRequests 启用升级不安全请求
func (*Builder) RequireSRI ¶
RequireSRI 为特定指令要求使用SRI
func (*Builder) SetReportEndpoint ¶
SetReportEndpoint 设置违规报告端点
func (*Builder) SetReportOnly ¶
SetReportOnly 设置CSP为仅报告模式
Source Files
Click to show internal directories.
Click to hide internal directories.