ring

restenb 2020-04-02T15:39:56.012800Z

anybody aware of an actively maintained CSP library for Ring? all I can find is https://github.com/ecmendenhall/malcontent

restenb 2020-04-02T15:40:24.013300Z

it'll probably work fine for my use, but it is 7 years old at this time

restenb 2020-04-02T15:40:59.013900Z

i'm not aware that CSP was ever added to Ring itself, even as a separate lib?

victorb 2020-04-02T16:57:29.015600Z

@restenb not exactly sure what you're looking for in the library, can't you just add the Content-Security-Policy header manually to the requests? Feels a bit over the top to include a library to write one header. Otherwise I think ring-defaults has a "security-profile" but not sure that includes CSP, as it's very application-specific and hard to provide good defaults for

victorb 2020-04-02T16:59:25.016500Z

the header is not that complicated once you look at it https://content-security-policy.com/ and I'm guessing you normally set the values once and use it, I'm not aware of use cases where you want to change it dynamically

victorb 2020-04-02T17:00:29.017700Z

lastly, even though the library is 7 years old, is it actually not working, does it have issues that prevent you from using it, or is it just about the age? I've found that Clojure libraries being old doesn't mean they are bad, but that they are done and stable (at least most of the time, YMMV)

restenb 2020-04-02T17:08:46.018200Z

i'm mainly looking for something to make it easier to configure custom directives for CSP

restenb 2020-04-02T17:09:00.018500Z

but yeah that lib will probably do the job for me still