The goal of ContentSecurityPolicy is to provide a DSL and helper functions for defining Content Security Policies to make your web apps more secure.
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement to distribution of malware.
WORK IN PROGRESS - DO NOT USE IN PRODUCTION
Feedback and contributors welcome!
You can install the released version of ContentSecurityPolicy from CRAN with:
install.packages("ContentSecurityPolicy")
Or install it from GitHub with:
remotes::install_github("dirkschumacher/ContentSecurityPolicy")
Take a look at the example shiny app in the inst/examples directory.
library(ContentSecurityPolicy)
csp <- content_security_policy(
default_src(self),
script_src(self, unsafe_inline),
style_src(self, unsafe_inline),
img_src(self, "data:")
)
print(as_shiny_meta_tag(csp))
#> <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;"/>
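The policy printed above keeps 'unsafe-inline' in script-src, so injected inline scripts would still execute. The following is an added example, not part of the package: parse_csp() and audit_csp() are hypothetical base-R helpers that check a serialized policy for that weakness, for missing directives, and for directives a browser ignores when the policy arrives in a <meta> tag.

```r
# Added example, base R only. parse_csp() and audit_csp() are hypothetical
# helpers written for this illustration, not part of ContentSecurityPolicy.

# Split a serialized policy into a named list: directive -> source tokens.
parse_csp <- function(policy) {
  parts <- trimws(strsplit(policy, ";", fixed = TRUE)[[1]])
  directives <- list()
  for (tok in strsplit(parts[nzchar(parts)], "[[:space:]]+")) {
    name <- tolower(tok[1])
    # Browsers honour only the first occurrence of a repeated directive.
    if (is.null(directives[[name]])) directives[[name]] <- tok[-1]
  }
  directives
}

# Return a character vector of findings for one policy string.
audit_csp <- function(policy, via_meta = TRUE) {
  d <- parse_csp(policy)
  findings <- character(0)
  note <- function(...) findings <<- c(findings, paste0(...))

  # Script execution is governed by script-src, falling back to default-src.
  script <- if (!is.null(d[["script-src"]])) d[["script-src"]] else d[["default-src"]]
  if (is.null(script)) {
    note("no script-src or default-src: scripts are unrestricted")
  } else {
    # A nonce or hash source makes browsers ignore 'unsafe-inline'.
    has_nonce_or_hash <- any(grepl("^'(nonce|sha(256|384|512))-", script))
    if ("'unsafe-inline'" %in% tolower(script) && !has_nonce_or_hash)
      note("script sources allow 'unsafe-inline': injected inline scripts run")
    if ("'unsafe-eval'" %in% tolower(script))
      note("script sources allow 'unsafe-eval'")
    if (any(c("*", "data:", "http:", "https:") %in% tolower(script)))
      note("script sources contain a wildcard or scheme-only source")
  }
  if (is.null(d[["object-src"]]) && is.null(d[["default-src"]]))
    note("object-src is unrestricted")
  if (is.null(d[["base-uri"]]))
    note("base-uri is not set (it does not fall back to default-src)")
  if (via_meta)
    for (n in intersect(names(d), c("frame-ancestors", "report-uri", "sandbox")))
      note(n, " is ignored when the policy is delivered in a <meta> tag")
  findings
}

# The policy string printed by as_shiny_meta_tag() above.
policy <- "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;"
print(audit_csp(policy))
```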