module Lucky::SecureHeaders::SetCSPGuard

Overview

This module sets the HTTP header Content-Security-Policy. It's job is to prevent a wide range of attacks like Cross-Site Scripting.

Include this module in the actions you want to add this to. A required method #csp_guard_value must be defined

class BrowserAction < Lucky::Action
  include Lucky::SecureHeaders::SetCSPGuard

  def csp_guard_value : String
    "script-src 'self'"
  end
end

Defined in:

lucky/secure_headers/set_csp_guard.cr

Instance Method Summary

Instance Method Detail

abstract def csp_guard_value : String #

[View source]