You are here

Home » API reference » Content-Security-Policy 8

csp.schema.yml in Content-Security-Policy 8

config/schema/csp.schema.yml

File

config/schema/csp.schema.yml
View source 
  1. # Schema for the configuration files of the csp module.

  2. 

  3. csp.settings:

  4.   type: config_object

  5.   label: 'Content Security Policy Settings'

  6.   mapping:

  7.     report-only:

  8.       type: csp_policy

  9.       label: 'Report-Only Policy'

  10.     enforce:

  11.       type: csp_policy

  12.       label: 'Enforce Policy'

  13. 

  14. csp_policy:

  15.   type: mapping

  16.   label: 'Policy'

  17.   mapping:

  18.     enable:

  19.       type: boolean

  20.       label: 'Enable'

  21.     directives:

  22.       type: sequence

  23.       label: 'Directives'

  24.       sequence:

  25.         type: csp_directive.[%key]

  26.     reporting:

  27.       type: mapping

  28.       label: 'Reporting'

  29.       mapping:

  30.         plugin:

  31.           type: string

  32.           label: 'The Reporting Handler Plugin ID'

  33.         options:

  34.           type: csp_reporting_handler.[%parent.plugin]

  35.           label: 'Reporting Plugin Options'

  36. 

  37. csp_directive_source_list:

  38.   type: mapping

  39.   mapping:

  40.     base:

  41.       type: string

  42.       label: 'Base'

  43.     flags:

  44.       type: sequence

  45.       label: 'Flags'

  46.       sequence:

  47.         type: string

  48.     sources:

  49.       type: sequence

  50.       label: 'Sources'

  51.       sequence:

  52.         type: string

  53. csp_directive.default-src:

  54.   type: csp_directive_source_list

  55. csp_directive.child-src:

  56.   type: csp_directive_source_list

  57. csp_directive.connect-src:

  58.   type: csp_directive_source_list

  59. csp_directive.font-src:

  60.   type: csp_directive_source_list

  61. csp_directive.frame-src:

  62.   type: csp_directive_source_list

  63. csp_directive.img-src:

  64.   type: csp_directive_source_list

  65. csp_directive.manifest-src:

  66.   type: csp_directive_source_list

  67. csp_directive.media-src:

  68.   type: csp_directive_source_list

  69. csp_directive.object-src:

  70.   type: csp_directive_source_list

  71. csp_directive.prefetch-src:

  72.   type: csp_directive_source_list

  73. csp_directive.script-src:

  74.   type: csp_directive_source_list

  75. csp_directive.script-src-attr:

  76.   type: csp_directive_source_list

  77. csp_directive.script-src-elem:

  78.   type: csp_directive_source_list

  79. csp_directive.style-src:

  80.   type: csp_directive_source_list

  81. csp_directive.style-src-attr:

  82.   type: csp_directive_source_list

  83. csp_directive.style-src-elem:

  84.   type: csp_directive_source_list

  85. csp_directive.worker-src:

  86.   type: csp_directive_source_list

  87. csp_directive.base-uri:

  88.   type: csp_directive_source_list

  89. csp_directive.plugin-types:

  90.   type: sequence

  91.   sequence:

  92.     type: string

  93. csp_directive.sandbox:

  94.   type: sequence

  95.   sequence:

  96.     type: string

  97. csp_directive.form-action:

  98.   type: csp_directive_source_list

  99. # frame-ancestors does not support unsafe flags

  100. # @see https://www.w3.org/TR/CSP/#grammardef-ancestor-source-list

  101. csp_directive.frame-ancestors:

  102.   type: csp_directive_source_list

  103. csp_directive.navigate-to:

  104.   type: csp_directive_source_list

  105. csp_directive.block-all-mixed-content:

  106.   type: boolean

  107. csp_directive.upgrade-insecure-requests:

  108.   type: boolean

  109. 

  110. csp_reporting_handler.none:

  111.   type: mapping

  112.   label: 'None'

  113. csp_reporting_handler.sitelog:

  114.   type: mapping

  115.   label: 'Site Log'

  116. csp_reporting_handler.report-uri-com:

  117.   type: mapping

  118.   label: 'Report URI'

  119.   mapping:

  120.     subdomain:

  121.       type: string

  122.       label: 'Subdomain'

  123.     wizard:

  124.       type: boolean

  125.       label: 'Wizard'

  126. csp_reporting_handler.uri:

  127.   type: mapping

  128.   label: 'URI'

  129.   mapping:

  130.     uri:

  131.       type: uri

  132.       label: 'URI'