{"id":16559678,"url":"https://github.com/psub/yesod-csp","last_synced_at":"2025-06-18T06:35:15.473Z","repository":{"id":221245839,"uuid":"753841616","full_name":"pSub/yesod-csp","owner":"pSub","description":"add CSP headers to Yesod apps","archived":false,"fork":false,"pushed_at":"2024-03-09T21:24:13.000Z","size":48,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-01-15T12:13:04.730Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Haskell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"bobjflong/yesod-csp","license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pSub.png","metadata":{"files":{"readme":"readme.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-02-06T22:18:16.000Z","updated_at":"2024-03-06T20:47:40.000Z","dependencies_parsed_at":"2024-03-09T22:27:29.385Z","dependency_job_id":"ec5e2330-1a5d-42ac-8237-229eea729d37","html_url":"https://github.com/pSub/yesod-csp","commit_stats":null,"previous_names":["psub/yesod-csp"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pSub%2Fyesod-csp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pSub%2Fyesod-csp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pSub%2Fyesod-csp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pSub%2Fyesod-csp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pSub","download_url":"https://codeload.github.com/pSub/yesod-csp/tar.gz/refs/
heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241950145,"owners_count":20047591,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-11T20:26:43.765Z","updated_at":"2025-03-05T02:17:31.149Z","avatar_url":"https://github.com/pSub.png","language":"Haskell","funding_links":[],"categories":[],"sub_categories":[],"readme":"#### yesod-csp\n\nThe aim of this library is to make it easy to add correct [Content Security Policy](http://content-security-policy.com/) headers to your responses. This reduces the risk of loading bad assets or scripts.\n\n#### Using the data types\n\nThe following code:\n\n```haskell\ngetHomeR :: Handler Html\ngetHomeR = do\n  cspPolicy [ScriptSrc (Self :| []), StyleSrc (Https :| [Self])]\n  defaultLayout [whamlet|hello|]\n```\n\nwill ensure that a `Content-Security-Policy: script-src 'self'; style-src https: 'self'` header is set. In this example we only want to load scripts from our own domain, and we only want styles that come from our domain or over https.\n\nThis is a work in progress, not battle-hardened! Use with caution and confirm you're getting the results you need.\n\n#### Examples\n\n[This module](https://github.com/bobjflong/yesod-csp/blob/master/src/Yesod/Csp/Example.hs) contains a host of runnable example Yesod handlers which set various CSP headers.\n\n#### Template Haskell support\n\nI'm working on Template Haskell support so you don't need to write the ADTs yourself explicitly. 
You can get the same compile-time checking with the familiar CSP DSL:\n\n```haskell\ngetHomeR :: Handler Html\ngetHomeR = do\n  cspPolicy [csp|img-src 'self' https:; script-src https://foo.com|]\n  ...\n```\n\nYou can also splice in dynamic URLs that are in scope:\n\n```haskell\ngetHomeR :: Handler Html\ngetHomeR = do\n  let url = fromJust (escapeAndParseURI ...)\n  cspPolicy [csp|img-src 'self' $url|]\n  ...\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpsub%2Fyesod-csp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpsub%2Fyesod-csp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpsub%2Fyesod-csp/lists"}