-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/


-- | Add CSP headers to Yesod apps
--   
--   Add CSP headers to Yesod apps. This helps reduce exposure to XSS
--   attacks and bad assets.
@package yesod-csp
@version 0.2.4.0


-- | Add <a>CSP</a> headers to Yesod apps. This helps reduce the risk of
--   exposure to XSS and bad assets.
module Yesod.Csp

-- | Adds a <a>Content-Security-Policy</a> header to your response.
--   
--   The example restricts scripts to the page's own origin and then adds a
--   script from another host, so a browser enforcing the policy is expected
--   to refuse that script.
--   
--   <pre>
--   getExample1R :: Handler Html
--   getExample1R = do
--     -- only allow scripts from my website
--     cspPolicy [ScriptSrc (Self :| [])]
--     defaultLayout $ do
--       -- different host, so not covered by Self: should be blocked
--       addScriptRemote "http://httpbin.org/i_am_external"
--       [whamlet|hello|]
--   </pre>
cspPolicy :: (MonadHandler m) => DirectiveList -> m ()

-- | Returns a generated Content-Security-Policy header.
--   
--   Rendering only: the result is a <a>Text</a> and no response is touched
--   here. NOTE(review): presumably this is the header value that
--   <a>cspPolicy</a> and <a>cspMiddleware</a> send; confirm against the
--   implementation.
getCspPolicy :: DirectiveList -> Text

-- | Creates a WAI <a>Middleware</a> to add a Content-Security-Policy
--   header to every response.
--   
--   The <a>DirectiveList</a> is supplied once, when the middleware is built,
--   so the same policy goes out with every response. NOTE(review): a
--   <a>Nonce</a> source placed in that list would therefore repeat across
--   responses; a per-response nonce looks like a job for <a>cspPolicy</a>
--   inside the handler. Confirm against the implementation.
cspMiddleware :: DirectiveList -> Middleware
-- | The URI type accepted by <a>Host</a> and <a>ReportUri</a>. No
--   constructor is listed for it here, so <a>escapeAndParseURI</a> appears
--   to be the only way to obtain a value.
data EscapedURI

-- | Escapes ';' '\'' and ' ', and parses to URI
--   
--   In a Content-Security-Policy header those three characters separate
--   directives, quote keywords and separate sources, so escaping them keeps
--   a URI from contributing directives or sources of its own.
--   NOTE(review): the result is presumably <a>Nothing</a> when the escaped
--   text does not parse as a URI; confirm.
escapeAndParseURI :: Text -> Maybe EscapedURI

-- | Escapes a String so that it is a valid nonce value. The argument is a
--   <a>String</a>, whereas <a>nonce</a> takes <a>Text</a>.
escapedTextForNonce :: String -> EscapedText

-- | Escapes a Text value, returning a valid Nonce
--   
--   Escaping only makes the value well-formed inside the header. For the
--   nonce to restrict anything, the caller still has to supply a value that
--   is unpredictable and generated anew for each response.
nonce :: Text -> Source

-- | A list of restrictions to apply.
type DirectiveList = [Directive]

-- | A restriction on how assets can be loaded. For example <tt>ImgSrc</tt>
--   concerns where images may be loaded from.
--   
--   Every source-based constructor takes a <a>SourceList</a>, which is a
--   <a>NonEmpty</a> list, so such a directive always names at least one
--   source.
data Directive
DefaultSrc :: SourceList -> Directive
ScriptSrc :: SourceList -> Directive
StyleSrc :: SourceList -> Directive
ImgSrc :: SourceList -> Directive
ConnectSrc :: SourceList -> Directive
FontSrc :: SourceList -> Directive
ObjectSrc :: SourceList -> Directive
MediaSrc :: SourceList -> Directive
FrameSrc :: SourceList -> Directive

-- | NOTE(review): presumably CSP's <tt>frame-ancestors</tt>, which limits
--   who may embed the page rather than what the page itself loads; confirm.
FrameAncestors :: SourceList -> Directive

-- | Applies a sandbox to the result. See the CSP specification's
--   <tt>sandbox</tt> directive for more info.
--   
--   NOTE(review): the options are a plain list, so it may be empty;
--   presumably that yields the sandbox with nothing re-allowed. Confirm.
Sandbox :: [SandboxOptions] -> Directive

-- | NOTE(review): presumably CSP's <tt>report-uri</tt>. The endpoint is an
--   <a>EscapedURI</a>, so it goes through <a>escapeAndParseURI</a> like a
--   <a>Host</a> source does.
ReportUri :: EscapedURI -> Directive

-- | A list of allowed sources for a directive.
type SourceList = NonEmpty Source

-- | Represents a location from which assets may be loaded.
--   
--   <a>Host</a> and <a>Nonce</a> carry the escaped types
--   (<a>EscapedURI</a>, <a>EscapedText</a>); <a>MetaSource</a> carries plain
--   <a>Text</a>.
data Source

-- | NOTE(review): presumably CSP's <tt>*</tt>, i.e. no restriction on the
--   host; confirm. Using it in a directive gives up that directive's
--   allow-listing.
Wildcard :: Source
None :: Source
Self :: Source
DataScheme :: Source
Host :: EscapedURI -> Source
Https :: Source

-- | NOTE(review): presumably CSP's <tt>'unsafe-inline'</tt>; confirm. In a
--   script directive that keyword permits inline script, which gives up most
--   of the XSS protection the policy provides. Where inline script is
--   needed, a <a>Nonce</a> source is the narrower choice.
UnsafeInline :: Source

-- | NOTE(review): presumably CSP's <tt>'unsafe-eval'</tt>, which permits
--   evaluating strings as code; confirm.
UnsafeEval :: Source
StrictDynamic :: Source
Nonce :: EscapedText -> Source

-- | NOTE(review): takes plain <a>Text</a> rather than <a>EscapedURI</a> or
--   <a>EscapedText</a>. Whether the value is escaped before it reaches the
--   header is not visible here; until that is confirmed, keep
--   request-derived text out of it.
MetaSource :: Text -> Source

-- | Configuration options for the sandbox.
--   
--   Each option is an allowance passed to <a>Sandbox</a>. NOTE(review):
--   presumably every option listed lifts one sandbox restriction, so the
--   shorter the list the tighter the sandbox; confirm against the rendering.
data SandboxOptions
AllowForms :: SandboxOptions
AllowScripts :: SandboxOptions
AllowSameOrigin :: SandboxOptions
AllowTopNavigation :: SandboxOptions
-- | Renders a <a>Source</a> as <a>Text</a>. NOTE(review): presumably the
--   token written into the header for that source; confirm.
textSource :: Source -> Text
instance Data.Data.Data Yesod.Csp.Directive
instance GHC.Show.Show Yesod.Csp.Directive
instance GHC.Classes.Eq Yesod.Csp.Directive
instance Data.Data.Data Yesod.Csp.SandboxOptions
instance GHC.Show.Show Yesod.Csp.SandboxOptions
instance GHC.Classes.Eq Yesod.Csp.SandboxOptions
instance Data.Data.Data Yesod.Csp.Source
instance GHC.Show.Show Yesod.Csp.Source
instance GHC.Classes.Eq Yesod.Csp.Source
instance Data.Data.Data Yesod.Csp.EscapedText
instance GHC.Classes.Eq Yesod.Csp.EscapedText
instance Data.Data.Data Yesod.Csp.EscapedURI
instance GHC.Classes.Eq Yesod.Csp.EscapedURI
instance GHC.Show.Show Yesod.Csp.EscapedText
instance GHC.Show.Show Yesod.Csp.EscapedURI

module Yesod.Csp.TH
-- | Parser for a single <a>Source</a>.
source :: Parser Source

-- | Parser for a <a>Directive</a>. NOTE(review): going by the name, the
--   directives that carry a <a>SourceList</a>; confirm.
withSourceList :: Parser Directive

-- | Parser for a <a>Directive</a>. NOTE(review): going by the name, the
--   <a>ReportUri</a> case; confirm.
reportUri :: Parser Directive

-- | Parser for a <a>Directive</a>. NOTE(review): going by the name, the
--   <a>Sandbox</a> case; confirm.
sandbox :: Parser Directive

-- | Parser for a single <a>SandboxOptions</a> value.
sandboxOptions :: Parser SandboxOptions

-- | Parser for a whole <a>DirectiveList</a>.
directive :: Parser DirectiveList

-- | Quasi-quoter for policies. NOTE(review): presumably built on the
--   parsers in this module, so a malformed policy would be rejected when
--   the quote is compiled rather than sent to clients; confirm.
csp :: QuasiQuoter


-- | Assorted examples demonstrating different policies.
module Yesod.Csp.Example
data Example
Example :: Example
type Handler = HandlerFor Example
type Widget = WidgetFor Example ()
resourcesExample :: [ResourceTree String]

-- | Allows scripts from self.
getExample1R :: Handler Html

-- | Allows all styles over https.
getExample2R :: Handler Html

-- | Allows images from a certain uri.
getExample3R :: Handler Html

-- | Allows all images.
getExample4R :: Handler Html

-- | Disallows images entirely.
getExample5R :: Handler Html

-- | Blocks forms from being submitted
getExample6R :: Handler Html
getExample7R :: Handler Html
postExample7R :: Handler Html
cdn :: Source
getExample8R :: Handler Html
getExample9R :: Handler Html
getExample10R :: Handler Html
getExample11R :: Handler Html
getExample12R :: Handler Html

-- | Run a webserver to serve these examples at /1, /2, etc.
runExamples :: IO ()
instance GHC.Read.Read (Yesod.Routes.Class.Route Yesod.Csp.Example.Example)
instance GHC.Classes.Eq (Yesod.Routes.Class.Route Yesod.Csp.Example.Example)
instance GHC.Show.Show (Yesod.Routes.Class.Route Yesod.Csp.Example.Example)
instance Yesod.Routes.Class.ParseRoute Yesod.Csp.Example.Example
instance Yesod.Routes.Class.RenderRoute Yesod.Csp.Example.Example
instance Yesod.Routes.Class.RouteAttrs Yesod.Csp.Example.Example
instance Yesod.Core.Class.Dispatch.YesodDispatch Yesod.Csp.Example.Example
instance Yesod.Core.Class.Yesod.Yesod Yesod.Csp.Example.Example
