Skip to main content
Using Deno in production at your company? Earn free Deno merch.
Give us feedback
Extremely Popular
Go to Latest
interface ContentSecurityPolicyDirectives
import { type ContentSecurityPolicyDirectives } from "https://deno.land/x/fresh@1.4.0/runtime.ts";

Properties

optional
childSrc: string[]

Defines the valid sources for web workers and nested browsing contexts loaded using elements such as and .

optional
connectSrc: string[]

Restricts the URLs which can be loaded using script interfaces.

optional
defaultSrc: string[]

Serves as a fallback for the other fetch directives.

optional
fontSrc: string[]

Specifies valid sources for fonts loaded using @font-face.

optional
frameSrc: string[]

Specifies valid sources for nested browsing contexts loading using elements such as and .

optional
imgSrc: string[]

Specifies valid sources of images and favicons.

optional
manifestSrc: string[]

Specifies valid sources of application manifest files.

optional
mediaSrc: string[]

Specifies valid sources for loading media using the , and elements.

optional
objectSrc: string[]

Specifies valid sources for the , , and elements.

optional
prefetchSrc: string[]

Specifies valid sources to be prefetched or prerendered.

optional
scriptSrc: string[]

Specifies valid sources for JavaScript.

optional
scriptSrcElem: string[]

Specifies valid sources for JavaScript elements.

optional
scriptSrcAttr: string[]

Specifies valid sources for JavaScript inline event handlers.

optional
styleSrc: string[]

Specifies valid sources for stylesheets.

optional
styleSrcElem: string[]

Specifies valid sources for stylesheets elements and elements with rel="stylesheet".

optional
styleSrcAttr: string[]

Specifies valid sources for inline styles applied to individual DOM elements.

optional
workerSrc: string[]

Specifies valid sources for Worker, SharedWorker, or ServiceWorker scripts.

optional
baseUri: string[]

Restricts the URLs which can be used in a document's element.

optional
sandbox: string[]

Enables a sandbox for the requested resource similar to the sandbox attribute.

optional
formAction: string[]

Restricts the URLs which can be used as the target of a form submissions from a given context.

optional
frameAncestors: string[]

Specifies valid parents that may embed a page using , , , , or .

optional
navigateTo: string[]

Restricts the URLs to which a document can initiate navigation by any means, including (if form-action is not specified), , window.location, window.open, etc.

optional
reportUri: string

The URI to report CSP violations to.