web-security

Decoupled web security implementations for Clojure.

Motivation

Provide web security implementations decoupled from any of http abstractions like ring, pedestal etc.

Functions implementing CSP:

csp/header-name returns normal or report-only name of the CSP header.
csp/header-value-fn builds function for CSP header value from policy map, supports dynamic nonce substitution.
csp/requires-nonce? tests if result of the header-value-fn requires nonce argument
csp/find-directive return policy directive value from the policy map
csp/random-nonce-fn returns function to generate nonce values to be used in HTTP response.

Functions for the Strict-Transport-Security response header:

Functions for the Referrer-Policy response header:

Name		Name	Last commit message	Last commit date
Latest commit History 43 Commits
.clj-kondo		.clj-kondo
.github/workflows		.github/workflows
.idea		.idea
src/strojure/web_security		src/strojure/web_security
test/strojure/web_security		test/strojure/web_security
.gitignore		.gitignore
CHANGELOG.md		CHANGELOG.md
README.md		README.md
UNLICENSE		UNLICENSE
project.clj		project.clj