Closed ygale closed 7 years ago
I didn't want this to be O(n) on the total number of headers, but I also didn't want this header always to be the first one. So put it down the list by some arbitrary constant amount.
On Wed, Nov 22, 2017 at 2:31 PM, Bob Long notifications@github.com wrote:
@bobjflong commented on this pull request.
In src/Yesod/Csp.hs https://github.com/bobjflong/yesod-csp/pull/5#discussion_r152549923:
-- | Returns a generated Content-Security-Policy header. getCspPolicy :: DirectiveList -> Text getCspPolicy = directiveListToHeader
+-- | Creates a WAI 'Middleware' to add a Content-Security-Policy +-- header to every response. +cspMiddleware :: DirectiveList -> Middleware +cspMiddleware = addHeaderMiddleware . mkHeader . directiveListToHeader
- where
- addHeaderMiddleware = modifyResponse . mapResponseHeaders . insertAt 5
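Review bot: The literal 5 in `insertAt 5` inside addHeaderMiddleware is an unexplained magic number, and the definition of insertAt is not visible in this hunk, so a reader cannot tell what happens when a response carries fewer than five headers. Give the offset a named constant with a comment saying why the header is not simply prepended, or cons the header onto the list and drop the helper. The middleware also inserts unconditionally, so a response whose handler already set Content-Security-Policy would leave with two such headers; the Haddock comment on cspMiddleware should say whether that is intended.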
Sorry for the delay here. Can you explain why 5?
Thanks, this looks good
Use a WAI middleware to add CSP headers to all responses directly, even those that don't go via defaultLayout. If you always want the CSP headers, this is less error prone than adding them manually to handlers.