security::csp::add_static_resource_header (public)

 security::csp::add_static_resource_header -mime_type mime_type

Defined in packages/acs-tcl/tcl/security-procs.tcl

Set the CSP rule on the current connection for a static resource depending on the MIME type.

Switches:

-mime_type (required)

MIME type of the resource to be delivered

Testcases:

No testcase defined.

Source code:

        if {![ns_conn isconnected]} {
            error "Content-Security-Policy headers can be only set for active connections"
        }
        if {[dict exists $::security::csp::static_csp $mime_type]} {
            ns_set iupdate [ns_conn outputheaders]  "Content-Security-Policy" [dict get $::security::csp::static_csp $mime_type]
            ns_log notice "STATIC $mime_type: Content-Security-Policy [dict get $::security::csp::static_csp $mime_type]"
        } else {
            #ns_log notice "STATIC $mime_type: no Content-Security-Policy defined for this MIME type"
        }

Generic XQL file:

packages/acs-tcl/tcl/security-procs.xql

PostgreSQL XQL file:

packages/acs-tcl/tcl/security-procs-postgresql.xql

Oracle XQL file:

packages/acs-tcl/tcl/security-procs-oracle.xql