strojure/web-security

Decoupled web security implementations for Clojure.

web-security

Decoupled web security implementations for Clojure.

Motivation

Provide web security implementations decoupled from any of http abstractions like ring, pedestal etc.

API

Content Security Policy (CSP)

Functions implementing CSP:

• csp/header-name returns normal or report-only name of the CSP header.
• csp/header-value-fn builds function for CSP header value from policy map, supports dynamic nonce substitution.
• csp/requires-nonce? tests if result of the header-value-fn requires nonce argument
• csp/find-directive return policy directive value from the policy map
• csp/random-nonce-fn returns function to generate nonce values to be used in HTTP response.

HSTS

Functions for the Strict-Transport-Security response header:

• hsts/header-value.

Referrer-Policy

Functions for the Referrer-Policy response header:

• referrer-policy/header-value.

---

Authored by Sergey Trofimov.