pedestal 2019-05-28 | Slack Archive

How do I tweak Content Security Policy in Pedestal?

Inside service-map

::http/port 8080
::http/secure-headers {:content-security-policy-settings content-security-policy-settings}
...

✔️ 4

souenzzo08:05:15

docs here https://cljdoc.org/d/io.pedestal/pedestal.service/0.5.5/api/io.pedestal.http.secure-headers @ahmed1hsn

👍 4

souenzzo08:05:15

docs aren't awesome, but you can checkout the sources. it's just a bunch of string concat/join

Ahmed Hassan08:05:05

So, If I have set up http/secure-headers in service-map I do not need to include <meta http-equiv="Content-Security-Policy" content="default-src ; child-src 'none'; object-src 'none'"> Tag in html. Right?

Ahmed Hassan08:05:00

https://developers.google.com/web/fundamentals/security/csp/#the_meta_tag

souenzzo08:05:03

Yep. Choose one method (headers or meta-tags). https://developer.mozilla.org/en-US/docs/Web/HTML/Element/meta#attr-http-equiv

🙂 4

2019-05-28

Channels