public class DefaultCspSettings extends Object implements CspSettings
Default implementation of CspSettings.
The default policy implements strict CSP with a nonce-based approach and follows the guide:
https://csp.withgoogle.com/docs/index.html/
You may extend or replace this class if you wish to customize the default policy further, and use your class by setting the CspInterceptor defaultCspSettingsClassName parameter. Actions that implement the CspSettingsAware interface will ignore the defaultCspSettingsClassName parameter.
See Also: CspSettings, CspInterceptor
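The shape of a strict, nonce-based policy and the enforcing versus report-only header choice, as an added example that is not the Struts implementation. It uses only the JDK, the directive set follows the guide linked above and the constant names listed on this page, and the exact header string DefaultCspSettings emits is not shown here. The nonce length, `/csp-reports` and `csp-group` are constructed values.

```java
import java.security.SecureRandom;
import java.util.Base64;

public class StrictCspExample {
    private static final SecureRandom RNG = new SecureRandom();

    // Fresh, unpredictable nonce; it must be regenerated for every response.
    static String newNonce() {
        byte[] raw = new byte[18]; // 144 bits; the length is this example's choice
        RNG.nextBytes(raw);
        return Base64.getEncoder().encodeToString(raw);
    }

    // Enforcing mode blocks violations; report-only mode only reports them.
    static String headerName(boolean enforcingMode) {
        return enforcingMode ? "Content-Security-Policy"
                             : "Content-Security-Policy-Report-Only";
    }

    // Strict policy: no plugins, nonce-gated scripts, no <base> retargeting.
    static String buildPolicy(String nonce, String reportUri, String reportTo) {
        StringBuilder p = new StringBuilder()
            .append("object-src 'none'; ")
            .append("script-src 'nonce-").append(nonce)
            .append("' 'strict-dynamic' http: https:; ")
            .append("base-uri 'none';");
        if (reportUri != null) p.append(" report-uri ").append(reportUri).append(';');
        if (reportTo != null) p.append(" report-to ").append(reportTo).append(';');
        return p.toString();
    }

    public static void main(String[] args) {
        String nonce = newNonce();
        // Constructed report endpoint and report group for illustration.
        String policy = buildPolicy(nonce, "/csp-reports", "csp-group");
        System.out.println(headerName(false) + ": " + policy); // rollout phase
        System.out.println(headerName(true) + ": " + policy);  // after reports are clean
        // The same nonce must appear on every script the page is allowed to run.
        System.out.println("<script nonce=\"" + nonce + "\">/* allowed */</script>");
        System.out.println("<script>/* no nonce: blocked when enforcing */</script>");
    }
}
```

Running in report-only mode first surfaces scripts that lack the nonce before enforcing mode starts blocking them.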
Modifier and Type | Field and Description |
---|---|
protected String | cspHeader |
protected String | reportTo |
protected String | reportUri |
Fields inherited from interface CspSettings: BASE_URI, CSP_ENFORCE_HEADER, CSP_REPORT_HEADER, CSP_REPORT_TYPE, HTTP, HTTPS, NONCE_RANDOM_LENGTH, NONE, OBJECT_SRC, REPORT_TO, REPORT_URI, SCRIPT_SRC, STRICT_DYNAMIC
Constructor and Description |
---|
DefaultCspSettings() |
Modifier and Type | Method and Description |
---|---|
void | addCspHeaders(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) |
void | addCspHeaders(javax.servlet.http.HttpServletResponse response) |
protected String | createPolicyFormat(javax.servlet.http.HttpServletRequest request) |
protected String | getNonceString(javax.servlet.http.HttpServletRequest request) |
void | setEnforcingMode(boolean enforcingMode) Sets CSP headers in enforcing mode when true, and report-only when false. |
void | setReportTo(String reportTo) Sets the report group where CSP violation reports will be sent. |
void | setReportUri(String reportUri) Sets the URI where CSP violation reports will be sent. |
String | toString() |
protected String reportUri
protected String reportTo
protected String cspHeader
public void addCspHeaders(javax.servlet.http.HttpServletResponse response)
Specified by: addCspHeaders in interface CspSettings
public void addCspHeaders(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
Specified by: addCspHeaders in interface CspSettings
protected String createPolicyFormat(javax.servlet.http.HttpServletRequest request)
protected String getNonceString(javax.servlet.http.HttpServletRequest request)
public void setEnforcingMode(boolean enforcingMode)
Specified by: setEnforcingMode in interface CspSettings
public void setReportUri(String reportUri)
Specified by: setReportUri in interface CspSettings
public void setReportTo(String reportTo)
Specified by: setReportTo in interface CspSettings
Copyright © 2000–2024 Apache Software Foundation. All rights reserved.