You are here

Home » API reference » Content-Security-Policy 8 » Csp.php » Csp

constant Csp::DIRECTIVES in Content-Security-Policy 8

The schema type for each directive.

File

src/Csp.php, line 38

Class

Csp
A CSP Header.

Namespace

Drupal\csp

Code

const DIRECTIVES = [
  // Fetch Directives.
  // @see https://www.w3.org/TR/CSP3/#directives-fetch
  'default-src' => self::DIRECTIVE_SCHEMA_SOURCE_LIST,
  'child-src' => self::DIRECTIVE_SCHEMA_SOURCE_LIST,
  'connect-src' => self::DIRECTIVE_SCHEMA_SOURCE_LIST,
  'font-src' => self::DIRECTIVE_SCHEMA_SOURCE_LIST,
  'frame-src' => self::DIRECTIVE_SCHEMA_SOURCE_LIST,
  'img-src' => self::DIRECTIVE_SCHEMA_SOURCE_LIST,
  'manifest-src' => self::DIRECTIVE_SCHEMA_SOURCE_LIST,
  'media-src' => self::DIRECTIVE_SCHEMA_SOURCE_LIST,
  'object-src' => self::DIRECTIVE_SCHEMA_SOURCE_LIST,
  'prefetch-src' => self::DIRECTIVE_SCHEMA_SOURCE_LIST,
  'script-src' => self::DIRECTIVE_SCHEMA_SOURCE_LIST,
  'script-src-attr' => self::DIRECTIVE_SCHEMA_SOURCE_LIST,
  'script-src-elem' => self::DIRECTIVE_SCHEMA_SOURCE_LIST,
  'style-src' => self::DIRECTIVE_SCHEMA_SOURCE_LIST,
  'style-src-attr' => self::DIRECTIVE_SCHEMA_SOURCE_LIST,
  'style-src-elem' => self::DIRECTIVE_SCHEMA_SOURCE_LIST,
  'worker-src' => self::DIRECTIVE_SCHEMA_SOURCE_LIST,
  // Document Directives.
  // @see https://www.w3.org/TR/CSP3/#directives-document
  'base-uri' => self::DIRECTIVE_SCHEMA_SOURCE_LIST,
  'plugin-types' => self::DIRECTIVE_SCHEMA_MEDIA_TYPE_LIST,
  'sandbox' => self::DIRECTIVE_SCHEMA_OPTIONAL_TOKEN_LIST,
  // Navigation Directives.
  // @see https://www.w3.org/TR/CSP3/#directives-navigation
  'form-action' => self::DIRECTIVE_SCHEMA_SOURCE_LIST,
  'frame-ancestors' => self::DIRECTIVE_SCHEMA_ANCESTOR_SOURCE_LIST,
  'navigate-to' => self::DIRECTIVE_SCHEMA_SOURCE_LIST,
  // Reporting Directives.
  // @see https://www.w3.org/TR/CSP3/#directives-reporting
  'report-uri' => self::DIRECTIVE_SCHEMA_URI_REFERENCE_LIST,
  'report-to' => self::DIRECTIVE_SCHEMA_TOKEN,
  // Other directives.
  // @see https://www.w3.org/TR/CSP/#directives-elsewhere
  'block-all-mixed-content' => self::DIRECTIVE_SCHEMA_BOOLEAN,
  'upgrade-insecure-requests' => self::DIRECTIVE_SCHEMA_BOOLEAN,
  // Deprecated directives.
  // Referrer isn't in the Level 1 spec, but was accepted until Chrome 56 and
  // Firefox 62.
  'referrer' => self::DIRECTIVE_SCHEMA_TOKEN,
  // 'require-sri-for' was removed from the SRI spec.
  // @see https://www.drupal.org/project/csp/issues/3106728
  'require-sri-for' => self::DIRECTIVE_SCHEMA_TOKEN_LIST,
];