anybody aware of an actively maintained CSP library for Ring? all I can find is https://github.com/ecmendenhall/malcontent
it'll probably work fine for my use, but it is 7 years old at this time
i'm not aware that CSP was ever added to Ring itself, even as a separate lib?
@restenb not exactly sure what you're looking for in the library, can't you just add Content-Security-Policy
header manually to the requests? Feels a bit over the top to include a library to write one header. Otherwise I think ring-defaults
have a "security-profile" but not sure that includes CSP, as it's very application specific and hard to provide good defaults for
the header is not that complicated once you look at it https://content-security-policy.com/ and I'm guessing you normally set the values once and use it, I'm not aware of use cases where you want to change it dynamically
lastly, even though the library is 7 years old, is it actually not working, have issues that prevent you from using it or it's just about the age? I've found clojure libraries that are old not to mean they are bad but they are done and stable (at least most of the times, YMMV)
i'm mainly looking for something to make it easier to configure custom directives for CSP
but yeah that lib will probably do the job for me still