yesod-csp alternatives and similar packages
Based on the "yesod" category.
yesod-persistent: A RESTful Haskell web framework built on WAI.
yesod-fay: Utilities for using the Fay Haskell-to-JS compiler with Yesod.
yesod-dsl: A domain specific language and a code generator designed to create RESTful services for managing an RDBMS with the Yesod web framework and Persistent.
yesod-crud: Generic administrative CRUD operations as a Yesod subsite.
yesod-auth-hashdb: Yesod.Auth.HashDB plugin, now moved out of main yesod-auth package.
yesod-routes-typescript: Generate TypeScript routes for Yesod.
yesod-recaptcha: Dead simple support for reCAPTCHA on Yesod applications.
yesod-content-pdf: Library for serving PDF content from a Yesod application.
yesod-worker: Drop-in(ish) background worker system for Yesod applications.
yesod-auth-account-fork: Fork of yesod-auth-account with a few additions.
yesod-transloadit: A reusable widget for the Transloadit service & Yesod.
yesod-raml: Generate Yesod framework route definitions, documentation, mock-handler, and more from your RAML spec.
yesod-crud-persist: Easy CRUD subsites for Yesod with Persistent.
yesod-auth-smbclient: Authentication plugin for Yesod using smbclient.
yesod-datatables: Routines for implementing server-side processing for DataTables (jQuery grid) in Haskell.
yesod-auth-zendesk: Zendesk remote authentication support for Yesod apps.
yesod-auth-hmac-keccak: An account authentication plugin for Yesod with encrypted token transfer.
yesod-auth-bcrypt: BCrypt salted and hashed passwords in a database as auth for Yesod.
yesod-auth-deskcom: Desk.com Multipass support for Yesod apps.
yesod-pnotify: Yet another getMessage/setMessage using pnotify jQuery plugins.
yesod-test-json: Utility functions for testing JSON web services written in Yesod.
yesod-auth-ldap-native: Yesod LDAP authentication plugin using native Haskell Ldap.Client.
yesod-paypal-rest: Yesod plugin to use PayPal with the paypal-rest-client library.
yesod-articles: Automatically generate article previews for a Yesod site.
yesod-s3: Simple helper library for using Amazon's Simple Storage Service (S3) with Yesod.
README
yesod-csp
The aim of this library is to make it easy to add correct Content Security Policy headers to your responses. This reduces the risk of loading bad assets or scripts.
Using the data types
The following code:
    getHomeR :: Handler Html
    getHomeR = do
      cspPolicy [ScriptSrc (Self :| []), StyleSrc (Https :| [Self])]
      defaultLayout [whamlet|hello|]

will ensure that a Content-Security-Policy: script-src 'self'; style-src https: 'self' header is set. In this example we only want to load scripts from our own domain, and we only want styles that come from our domain or over https.
This is a work in progress, not battle-hardened! Use with caution and confirm you're getting the results you need.
Examples
This module contains a host of runnable example Yesod handlers which set various CSP headers.
Template Haskell support
I'm working on Template Haskell support so you don't need to write the ADTs yourself explicitly. You can get the same compile-time checking with the familiar CSP DSL:
    getHomeR :: Handler Html
    getHomeR = do
      cspPolicy [csp|img-src 'self' https:; script-src https://foo.com|]
      ...
You can add in your dynamic urls in scope:
    getHomeR :: Handler Html
    getHomeR = do
      let url = fromJust (escapeAndParseURI ...)
      cspPolicy [csp|img-src 'self' $url|]
      ...
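
A simplified model of how typed directives turn into the header value shown under "Using the data types", and of the kind of check a dynamic URL needs before it is placed in a policy. This is an added example, not yesod-csp's source: `Host`, `mkHost` and the render functions are hypothetical, and only `ScriptSrc`, `StyleSrc`, `Self` and `Https` mirror names from the README.

```haskell
module Main (main) where

import           Data.List          (intercalate)
import           Data.List.NonEmpty (NonEmpty (..), toList)

-- Simplified model for illustration; these are not yesod-csp's own definitions.
-- Host is a hypothetical constructor standing in for a literal origin.
data Source = Self | Https | Host String

-- NonEmpty makes a directive with no sources unrepresentable.
data Directive
  = ScriptSrc (NonEmpty Source)
  | StyleSrc  (NonEmpty Source)
  | ImgSrc    (NonEmpty Source)

-- Hypothetical smart constructor: reject characters that would let a dynamic
-- value end its directive (';'), split a source list (' ') or a header (',').
mkHost :: String -> Maybe Source
mkHost h
  | null h || any (`elem` "; ,\t\r\n'\"") h = Nothing
  | otherwise                               = Just (Host h)

renderSource :: Source -> String
renderSource Self     = "'self'"  -- keyword sources are single-quoted
renderSource Https    = "https:"  -- scheme sources are unquoted, with a colon
renderSource (Host h) = h

renderDirective :: Directive -> String
renderDirective (ScriptSrc ss) = render "script-src" ss
renderDirective (StyleSrc  ss) = render "style-src"  ss
renderDirective (ImgSrc    ss) = render "img-src"    ss

render :: String -> NonEmpty Source -> String
render name ss = unwords (name : map renderSource (toList ss))

renderPolicy :: [Directive] -> String
renderPolicy = intercalate "; " . map renderDirective

main :: IO ()
main = do
  -- Same policy as the handler in "Using the data types".
  putStrLn (renderPolicy [ScriptSrc (Self :| []), StyleSrc (Https :| [Self])])
  -- A clean origin (constructed sample) is accepted and rendered.
  case mkHost "https://foo.com" of
    Just src -> putStrLn (renderPolicy [ImgSrc (Self :| [src])])
    Nothing  -> putStrLn "rejected: https://foo.com"
  -- A constructed value carrying an extra directive is refused.
  case mkHost "https://foo.com; script-src *" of
    Just _  -> putStrLn "accepted (unexpected)"
    Nothing -> putStrLn "rejected: value contains a directive separator"
```

The model needs only `base`; it does not import yesod-csp, so it says nothing about how the library itself validates or renders sources.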