packages feed

yesod-csp 0.2.3.0 → 0.2.4.0

raw patch · 4 files changed

+14/−1 lines, 4 filesPVP ok

version bump matches the API change (PVP)

API changes (from Hackage documentation)

+ Yesod.Csp: StrictDynamic :: Source
+ Yesod.Csp.Example: getExample12R :: Handler Html

Files

src/Yesod/Csp.hs view
@@ -120,6 +120,7 @@               | Https               | UnsafeInline               | UnsafeEval+              | StrictDynamic               | Nonce EscapedText               | MetaSource Text deriving (Eq, Show, Data, Typeable) @@ -135,6 +136,7 @@ textSource Https = "https:" textSource UnsafeInline = "'unsafe-inline'" textSource UnsafeEval = "'unsafe-eval'"+textSource StrictDynamic = "'strict-dynamic'" textSource (MetaSource _) = "" textSource (Nonce x) = (pack . show) x 
src/Yesod/Csp/Example.hs view
@@ -24,6 +24,7 @@   /9 Example9R GET   /10 Example10R GET   /11 Example11R GET+  /12 Example12R GET |]  instance Yesod Example@@ -138,6 +139,14 @@       I should only be iframe-able by Google!     |] +getExample12R :: Handler Html+getExample12R = do+  let n = "foo"+  cspPolicy [csp|script-src strict-dynamic unsafe-inline $nonce-n|]+  defaultLayout $ [whamlet|+    <script nonce="foo">+      alert("ayyyy");+  |]  -- | Run a webserver to serve these examples at /1, /2, etc. runExamples :: IO ()
src/Yesod/Csp/TH.hs view
@@ -54,6 +54,7 @@          <|> host          <|> unsafeInline          <|> unsafeEval+         <|> strictDynamic          <|> parseNonce          <|> metaSource   where wildcard = string "*" *> pure Wildcard@@ -84,6 +85,7 @@             _ -> fail "https"         unsafeInline = string "unsafe-inline" *> pure UnsafeInline         unsafeEval = string "unsafe-eval" *> pure UnsafeEval+        strictDynamic = string "strict-dynamic" *> pure StrictDynamic  separated :: Char -> Bool separated x = x == ';' || x == ' '
yesod-csp.cabal view
@@ -2,7 +2,7 @@ -- documentation, see http://haskell.org/cabal/users-guide/  name:                yesod-csp-version:             0.2.3.0+version:             0.2.4.0 synopsis:            Add CSP headers to Yesod apps description:         Add CSP headers to Yesod apps. This helps reduce exposure to XSS attacks and bad assets. license:             MIT