braunse/cospex

Cospex

Better Content-Security-Policy for Phoenix apps

Cospex wants to make it easier to use a modern Content-Security-Policy in your Phoenix applications, including with Phoenix LiveView.

Cospex supports generating a nonce for better security.

Installation

Cospex is not yet on hex.pm, so for now you have to add it as a dependency on this git repository:

def deps do
  [
    # ...,
    {:cospex, git: "https://github.com/braunse/cospex.git"},
    # ...,
  ]
end

To enable it, add the Cospex Plug to your router:

  pipeline :browser do
    # ...
    plug Cospex.Plug,
      default_src: [:self, :nonce],
      script_src: [:self, :strict_dynamic, :nonce]
  end

To output <script> and <link> tags that carry the correct nonce, use the helper functions in Cospex.ViewHelpers:

  <%= Cospex.ViewHelpers.style_tag(@conn, "/js/app.css") %>
  <%= Cospex.ViewHelpers.script_tag(@conn, "/js/app.js") %>
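
As an added illustration (not Cospex's own code and not taken from this repository), the stand-alone Elixir script below shows how a directive list like the one passed to the plug above reads as a Content-Security-Policy header value in standard CSP syntax, with one nonce shared between the header and a script tag. The module `CspSketch` and its functions are hypothetical names, and how Cospex builds its header internally is an open assumption here.

```elixir
# Added illustration of nonce-based CSP; not Cospex's implementation.
# CspSketch and all function names are hypothetical.
defmodule CspSketch do
  @doc "Fresh, unguessable nonce: 128 random bits, base64-encoded."
  def new_nonce, do: Base.encode64(:crypto.strong_rand_bytes(16))

  @doc "Renders a keyword list of directives into a CSP header value."
  def header_value(directives, nonce) do
    directives
    |> Enum.map(fn {directive, sources} ->
      # :script_src becomes "script-src"
      name = directive |> Atom.to_string() |> String.replace("_", "-")
      name <> " " <> Enum.map_join(sources, " ", &source(&1, nonce))
    end)
    |> Enum.join("; ")
  end

  # Keyword sources are single-quoted in CSP syntax; hosts and schemes are not.
  defp source(:self, _nonce), do: "'self'"
  defp source(:strict_dynamic, _nonce), do: "'strict-dynamic'"
  defp source(:nonce, nonce), do: "'nonce-#{nonce}'"
  defp source(other, _nonce) when is_binary(other), do: other

  @doc "A script tag the browser will accept only if its nonce matches the header."
  def script_tag(src, nonce) do
    ~s(<script src="#{escape(src)}" nonce="#{nonce}"></script>)
  end

  # Minimal attribute escaping so the sketch does not emit unescaped input.
  defp escape(value) do
    value
    |> String.replace("&", "&amp;")
    |> String.replace("\"", "&quot;")
    |> String.replace("<", "&lt;")
    |> String.replace(">", "&gt;")
  end
end

# Same directive list as the router example above.
policy = [default_src: [:self, :nonce], script_src: [:self, :strict_dynamic, :nonce]]

# A nonce must be generated per response and never reused or cached.
nonce = CspSketch.new_nonce()
IO.puts("content-security-policy: " <> CspSketch.header_value(policy, nonce))
IO.puts(CspSketch.script_tag("/js/app.js", nonce))
```

Running it twice prints a different nonce each time; a tag rendered without the matching nonce attribute is blocked by a browser enforcing this policy, which is why the templates need nonce-aware helpers.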
