Package org.apache.struts2.interceptor
Interface ResourceIsolationPolicy
- All Known Implementing Classes:
StrutsResourceIsolationPolicy
- Functional Interface:
- This is a functional interface and can therefore be used as the assignment target for a lambda expression or method reference.
Interface for the resource isolation policies to be used for fetch metadata checks.
Resource isolation policies are designed to protect against cross origin attacks and use the
sec-fetch-*
request headers to decide whether to accept or reject a request. Read more
about Fetch Metadata.
See StrutsResourceIsolationPolicy
for the default implementation used.-
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
-
Method Summary
Modifier and TypeMethodDescriptionboolean
isRequestAllowed
(jakarta.servlet.http.HttpServletRequest request)
-
Field Details
-
SEC_FETCH_DEST_HEADER
- See Also:
-
SEC_FETCH_MODE_HEADER
- See Also:
-
SEC_FETCH_SITE_HEADER
- See Also:
-
SEC_FETCH_USER_HEADER
- See Also:
-
VARY_HEADER
- See Also:
-
DEST_AUDIO
- See Also:
-
DEST_AUDIOWORKLET
- See Also:
-
DEST_DOCUMENT
- See Also:
-
DEST_EMBED
- See Also:
-
DEST_EMPTY
- See Also:
-
DEST_FONT
- See Also:
-
DEST_IMAGE
- See Also:
-
DEST_MANIFEST
- See Also:
-
DEST_NESTED_DOCUMENT
- See Also:
-
DEST_OBJECT
- See Also:
-
DEST_PAINTWORKLET
- See Also:
-
DEST_REPORT
- See Also:
-
DEST_SCRIPT
- See Also:
-
DEST_SERVICEWORKER
- See Also:
-
DEST_SHAREDWORKER
- See Also:
-
DEST_STYLE
- See Also:
-
DEST_TRACK
- See Also:
-
DEST_VIDEO
- See Also:
-
DEST_WORKER
- See Also:
-
DEST_XSLT
- See Also:
-
MODE_CORS
- See Also:
-
MODE_NAVIGATE
- See Also:
-
MODE_NESTED_NAVIGATE
- See Also:
-
MODE_NO_CORS
- See Also:
-
MODE_SAME_ORIGIN
- See Also:
-
MODE_WEBSOCKET
- See Also:
-
SITE_CROSS_SITE
- See Also:
-
SITE_SAME_ORIGIN
- See Also:
-
SITE_SAME_SITE
- See Also:
-
SITE_NONE
- See Also:
-
-
Method Details
-
isRequestAllowed
boolean isRequestAllowed(jakarta.servlet.http.HttpServletRequest request)
-