security::csp::require (public)

 security::csp::require [ -force ] directive value

Defined in packages/acs-tcl/tcl/security-procs.tcl

Add a single value directive to the CSP rule-set. The directives are picked up, when the page is rendered, by the CSP generator.

Switches:

-force (optional, boolean)

Parameters:

directive (required)

name of the directive (such as e.g. style-src)

value (required)

allowed source for this page (such as e.g. unsafe-inline)

Author:

Gustaf Neumann

See Also:

• security::csp::render

Partial Call Graph (max 5 caller/called nodes):

Testcases:

No testcase defined.

Source code:

        set var ::__csp__directive($directive)
        if {![info exists $var] || $value ni [set $var]} {
            lappend $var $value
        }
        if {$force_p} {
            set var ::__csp__directive_forced($directive)
            if {![info exists $var] || $value ni [set $var]} {
                ns_log notice "CSP: forcing $directive $value"
                lappend $var $value
            }
        }

Generic XQL file:

packages/acs-tcl/tcl/security-procs.xql

PostgreSQL XQL file:

packages/acs-tcl/tcl/security-procs-postgresql.xql

Oracle XQL file:

packages/acs-tcl/tcl/security-procs-oracle.xql