security::csp::require (public)

 security::csp::require [ -force ] directive value

Defined in packages/acs-tcl/tcl/security-procs.tcl

Add a single value directive to the CSP rule-set. The directives are picked up, when the page is rendered, by the CSP generator.

Switches:
-force (optional, boolean)
Parameters:
directive (required)
name of the directive (such as e.g. style-src)
value (required)
allowed source for this page (such as e.g. unsafe-inline)
Author:
Gustaf Neumann
See Also:

Partial Call Graph (max 5 caller/called nodes):
%3 Class ::xowiki::formfield::FormField Class ::xowiki::formfield::FormField (public) security::csp::require security::csp::require Class ::xowiki::formfield::FormField->security::csp::require Class ::xowiki::includelet::gravatar Class ::xowiki::includelet::gravatar (public) Class ::xowiki::includelet::gravatar->security::csp::require ad_html_text_convert ad_html_text_convert (public) ad_html_text_convert->security::csp::require cookieconsent::add_to_page cookieconsent::add_to_page (public) cookieconsent::add_to_page->security::csp::require packages/xotcl-request-monitor/www/index.tcl packages/xotcl-request-monitor/ www/index.tcl packages/xotcl-request-monitor/www/index.tcl->security::csp::require

Testcases:
No testcase defined.
Source code:
        set var ::__csp__directive($directive)
        if {![info exists $var] || $value ni [set $var]} {
            lappend $var $value
        }
        if {$force_p} {
            set var ::__csp__directive_forced($directive)
            if {![info exists $var] || $value ni [set $var]} {
                ns_log notice "CSP: forcing $directive $value"
                lappend $var $value
            }
        }
Generic XQL file:
packages/acs-tcl/tcl/security-procs.xql

PostgreSQL XQL file:
packages/acs-tcl/tcl/security-procs-postgresql.xql

Oracle XQL file:
packages/acs-tcl/tcl/security-procs-oracle.xql

[ hide source ] | [ make this the default ]
Show another procedure: