api_security_resource_isolation: Set up resource isolation for a path
In plumber2: Easy and Powerful Web Servers
api_security_resource_isolation R Documentation
Set up resource isolation for a path
Description
This function adds resource isolation to a path in your API. The function can
be called multiple times to set up resource isolation for multiple
paths, potentially with different settings for each path. You can read in
depth about resource isolation at the
ResourceIsolation plugin documentation.
Usage
api_security_resource_isolation(
api,
path = "/*",
allowed_site = "same-site",
forbidden_navigation = c("object", "embed"),
allow_cors = TRUE
)
Arguments
api
A plumber2 api object to add the plugin to
path
The path that the policy should apply to. routr path syntax
applies, meaning that wilcards and path parameters are allowed.
allowed_site
The allowance level to permit. Either cross-site,
same-site, or same-origin.
forbidden_navigation
A vector of destinations not allowed for
navigational requests. See the Sec-Fetch-Dest documentation
for a description of possible values. The special value "all" is also
permitted which is the equivalent of passing all values.
allow_cors
Should Sec-Fetch-Mode: cors requests be allowed
Value
This functions return the api object allowing for easy chaining
with the pipe
Using annotation
To add resource isolation to a path you can add @rip <allowed_site> to a
handler annotation. This will add resource isolation to all endpoints
described in the block. The annotation doesn't allow setting
forbidden_navigation or allow_cors and the default values will be used.
#* A handler for /user/<username>
#*
#* @param username:string The name of the user to provide information on
#*
#* @get /user/<username>
#*
#* @response 200:{name:string, age:integer, hobbies:[string]} Important
#* information about the user such as their name, age, and hobbies
#*
#* @rip same-origin
#*
function(username) {
find_user_in_db(username)
}
See Also
Other security features:
api_security_cors(),
api_security_headers()
Examples
# Set up resource isolation for everything inside a user path
api() |>
api_security_resource_isolation(
path = "<user>/*"
)
plumber2 documentation built on Jan. 20, 2026, 5:06 p.m.
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
| api_security_resource_isolation | R Documentation |
Set up resource isolation for a path
Description
This function adds resource isolation to a path in your API. The function can be called multiple times to set up resource isolation for multiple paths, potentially with different settings for each path. You can read in depth about resource isolation at the ResourceIsolation plugin documentation.
Usage
api_security_resource_isolation(
api,
path = "/*",
allowed_site = "same-site",
forbidden_navigation = c("object", "embed"),
allow_cors = TRUE
)
Arguments
api |
A plumber2 api object to add the plugin to |
path |
The path that the policy should apply to. routr path syntax applies, meaning that wilcards and path parameters are allowed. |
allowed_site |
The allowance level to permit. Either |
forbidden_navigation |
A vector of destinations not allowed for
navigational requests. See the |
allow_cors |
Should |
Value
This functions return the api object allowing for easy chaining
with the pipe
Using annotation
To add resource isolation to a path you can add @rip <allowed_site> to a
handler annotation. This will add resource isolation to all endpoints
described in the block. The annotation doesn't allow setting
forbidden_navigation or allow_cors and the default values will be used.
#* A handler for /user/<username>
#*
#* @param username:string The name of the user to provide information on
#*
#* @get /user/<username>
#*
#* @response 200:{name:string, age:integer, hobbies:[string]} Important
#* information about the user such as their name, age, and hobbies
#*
#* @rip same-origin
#*
function(username) {
find_user_in_db(username)
}
See Also
Other security features:
api_security_cors(),
api_security_headers()
Examples
# Set up resource isolation for everything inside a user path
api() |>
api_security_resource_isolation(
path = "<user>/*"
)
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
Embedding an R snippet on your website
Add the following code to your website.
For more information on customizing the embed code, read Embedding Snippets.