NAME
    Mojolicious::Plugin::CSPHeader - Mojolicious Plugin to add
    Content-Security-Policy header to every HTTP response.

SYNOPSIS
      # Mojolicious
      $self->plugin('CSPHeader', csp => "default-src 'none'; font-src 'self'; img-src 'self' data:; style-src 'self'");
      # or
      $self->plugin('CSPHeader', directives => {
          'default-src' => "'none'",
          'font-src'    => "'self'",
          'img-src'     => "'self' data:",
          'style-src'   => "'self'"
      });

      # Mojolicious::Lite
      plugin 'CSPHeader', csp => "default-src 'none'; font-src 'self'; img-src 'self' data:; style-src 'self'";
      # or
      plugin 'CSPHeader', directives => {
          'default-src' => "'none'",
          'font-src'    => "'self'",
          'img-src'     => "'self' data:",
          'style-src'   => "'self'"
      };

DESCRIPTION
    Mojolicious::Plugin::CSPHeader is a Mojolicious plugin which adds
    Content-Security-Policy header to every HTTP response.

    To know what should be the CSP header to add to your site, you can use
    this Firefox addon:
    <https://addons.mozilla.org/fr/firefox/addon/laboratory-by-mozilla/>.

    <https://content-security-policy.com/> provides a good documentation
    about CSP.

    <https://report-uri.com/home/generate> provides a tool to generate a CSP
    header.

    This plugin will warn you in Mojolicious info log if you use the
    "directives" syntax and use experimental or deprecated directives. The
    list of experimental and deprecated directives is based on
    <https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP> as seen on 28
    April 2018.

    If you want to use the "directives" syntax and add some directive that
    this plugin doesn't know, put those new directives in a "extra" hash
    like this:

      $self->plugin('CSPHeader', directives => {
          'default-src' => "'none'",
      }, extra => {
          'foo-src' => "'self'"
      });

    Please note that the "csp" syntax takes precedence over the "directives"
    syntax. Don't use both.

METHODS
    Mojolicious::Plugin::CSPHeader inherits all methods from
    Mojolicious::Plugin and implements the following new ones.

  register
      $plugin->register(Mojolicious->new);

    Register plugin in Mojolicious application.

BUGS and SUPPORT
    The latest source code can be browsed and fetched at:

      https://framagit.org/luc/mojolicious-plugin-cspheader
      git clone https://framagit.org/luc/mojolicious-plugin-cspheader.git

    Bugs and feature requests will be tracked at:

      https://framagit.org/luc/mojolicious-plugin-cspheader/issues

AUTHOR
      Luc DIDRY
      CPAN ID: LDIDRY
      ldidry@cpan.org
      https://fiat-tux.fr/

COPYRIGHT
    This program is free software; you can redistribute it and/or modify it
    under the same terms as Perl itself.

    The full text of the license can be found in the LICENSE file included
    with this module.

SEE ALSO
    Mojolicious, Mojolicious::Guides, <http://mojolicious.org>,
    <https://www.w3.org/TR/CSP/>