apoorv-2204
How to set security headers in phoenix live view?
How do I set security header for phoenix elixir application.
I used this plug, but its not working.
defmodule Provider.Plugs.SecurityHeaders do
@moduledoc """
put response header for security
"""
import Plug.Conn
def init(opts), do: opts
def call(conn, _opts) do
conn
|> put_resp_header("x-frame-options", "DENY")
|> put_resp_header("content-security-policy", "frame-src 'self'; frame-ancestors 'none'")
|> put_resp_header("x-content-type-options", "nosniff")
|> put_resp_header("referrer-policy", "no-referrer")
|> put_resp_header("cross-origin-opener-policy", "same-origin")
|> put_resp_header("cross-origin-embedder-policy", "unsafe-none")
|> put_resp_header("cross-origin-resource-policy", "same-origin")
|> put_resp_header("strict-transport-security", "max-age=31536000; includeSubDomains")
end
end
pipeline :browser do
plug(:accepts, ["html"])
plug(:fetch_session)
# plug :fetch_flash
plug(:fetch_live_flash)
plug(:put_root_layout, {Provider.LayoutView, :root})
plug(:protect_from_forgery)
plug(:put_secure_browser_headers)
plug(:load_information)
plug(:fetch_current_user)
plug(Provider.Plugs.CSP)
plug(Provider.Plugs.SecurityHeaders)
end
Most Liked
benwilson512
Author of Craft GraphQL APIs in Elixir with Absinthe
Can you elaborate on what this means? What did you expect to have happen, and what did happen?
3
hubertlepicki
You, sir or madam, need to work on your communication skills. You will not receive help if you’re unable to express yourself and describe the problem.
1
absowoot
Have a look at the documentation for put_secure_browser_headers.
A custom headers map may also be given to be merged with defaults. It is recommended for custom header keys to be in lowercase, to avoid sending duplicate keys in a request. Additionally, responses with mixed-case headers served over HTTP/2 are not considered valid by common clients, resulting in dropped responses.
pipeline :browser do
...
plug :put_secure_browser_headers,
%{
"content-security-policy" =>
"frame-src 'self'; frame-ancestors 'none'"
}
end
1
Popular in Questions
I am constructing a JSON object (map) and I need to conditionally set a field. I’m trying to write proper elixir-way code… and I’m at a l...
New
I wanted to check elixir version in phoenix because i found that my elixir is 1.5 but when i use Enum.chunk_by it said the function is un...
New
Hello all!
I am typing this post from my new MacBook Pro with the M1 chip. I’m loving it so far, and will probably use it as my daily dr...
New
What is the idiomatic way of matching for not nil in Elixir?
E.g.,
First way:
defp halt_if_not_signed_in(conn, signed_in_account) when...
New
I’m working on defining a simple Ecto schema for a table (in PostGres), but I don’t see where I can define a column as NOT NULL. Conside...
New
Hello, I have map which I want to convert it to string like this:
the map:
%{last_name: "tavakkoli", name: "shahryar"}
the string I ne...
New
What’s the safe way to decode a JSON string into a struct? I want to avoid calling String.to_atom. Jason.decode can give me a map with st...
New
lets say i have a sample like
a = 20; b = 10;
if (a > b) do
{:ok, "a"}
end
if (a < b) do
{:ok, b}
end
if (a == b) do
{:ok, "equa...
New
I have VueJS GUIs with the project generated using Webpack.
I have Elixir modules that will need to be used by the VueJS GUIs.
I forese...
New
I’ve read in another post that it may be possible with a router helper - but I couldn’t find an appropriate one, and tbh, I’m still just ...
New
Other popular topics
I have a another noob question about loop. Since elixir is immutable, while loop is not directly possible.
total = 10
while total != 0
...
New
What is the difference between System.get_env and Application.get_env? For example, what are best practices to use one versus another.
New
To my knowledge, put_in, Map.update etc. all have the one limitation of not automatically creating intermediate keys when needed (for exa...
New
Anybody knows a comprehensive comparison of Django and Phoenix, thanks for the help.
Where are they similar?
Where do they differ the m...
New
I believe there are people here who are dealing with CSV files import on the daily basis, and since Excel is a really popular tool there ...
New
When I run the Plug and I recompile I wind up having to use Ctrl C to quit iex and start again. Witht the help of rlwrap I can use the cu...
New
I am VERY much an elixir newbie. I have taken one elixir course and one phoenix course on Udemy. During that course, I saw the instructor...
New
I tried installing
elixir 1.11.2
erlang 23.3.4
via asdf in my zsh shell. Enabled the versions locally and globally.
When I list them ...
New
Hi everyone,
I was playing with phoenix liveView but I run into an issue. I have a form and want to validate each input text when the te...
New
Hi!
Currently I want to submit a form by pressing the Enter key. However, since my input field is of type “textarea” this is just adds a...
New
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance








