Adds a free-form value to a directive for the CSP header.
Adds the given values to the CSP directive on this configuration.
ContentSecurityPolicySettings.blocking()
CSPHeaderConfiguration.clear()
Removes all CSP directives from the configuration.
Removes all directives from the CSP, returning an empty configuration.
Removes the given directive from the configuration.
Configures the CSP to report violations back to the application.
Configures the CSP to report violations to the specified relative URI.
Enables legacy X-Content-Security-Policy headers for older browsers, such as IE.
CSPHeaderConfiguration.strict()
Builds a strict, very secure CSP configuration with the following directives:
default-src 'none';
script-src 'strict-dynamic' 'nonce-XYZ';
style-src 'nonce-XYZ';
img-src 'self';
connect-src 'self';
font-src 'self';
manifest-src 'self';
child-src 'self';
frame-src 'self';
base-uri 'self'
Builds a CSP configuration with the following directives:
default-src 'none';
script-src 'self' 'unsafe-inline' 'unsafe-eval';
style-src 'self' 'unsafe-inline';
img-src 'self';
connect-src 'self';
font-src 'self';
manifest-src 'self';
child-src 'self';
frame-src 'self';
base-uri 'self'
Creates a new ClonedCSPValue for the given directive.