Class DefaultCspSettings
java.lang.Object
org.apache.struts2.interceptor.csp.DefaultCspSettings
All Implemented Interfaces: CspSettings
Default implementation of CspSettings.
The default policy implements strict CSP with a nonce-based approach and follows the guide:
https://csp.withgoogle.com/docs/index.html/
You may extend or replace this class if you wish to customize the default policy further, and use your class
by setting the CspInterceptor defaultCspSettingsClassName parameter. Actions that
implement the CspSettingsAware interface will ignore the defaultCspSettingsClassName parameter.
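The shape of a strict, nonce-based policy as the linked guide recommends it, and the choice between the enforcing and report-only headers, as an added stand-alone example (not the Struts source and not using Struts classes). The class name StrictCspDemo, the 18-byte nonce size and the /csp-reports endpoint are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.Base64;

// Added illustration; stand-alone, does not use or reproduce Struts classes.
public class StrictCspDemo {
    // Standard CSP response header names.
    static final String ENFORCE_HEADER = "Content-Security-Policy";
    static final String REPORT_ONLY_HEADER = "Content-Security-Policy-Report-Only";
    // Assumed nonce size; the page lists NONCE_RANDOM_LENGTH but not its value.
    static final int NONCE_BYTES = 18;

    private static final SecureRandom RANDOM = new SecureRandom();

    // A fresh, unpredictable nonce must be generated for every response.
    static String newNonce() {
        byte[] raw = new byte[NONCE_BYTES];
        RANDOM.nextBytes(raw);
        return Base64.getEncoder().encodeToString(raw);
    }

    // Strict policy: no plugins, scripts allowed only via the nonce (trust is
    // propagated by 'strict-dynamic'), no <base> tampering. http: and https:
    // are fallbacks that browsers supporting 'strict-dynamic' ignore.
    static String buildPolicy(String nonce, String reportUri) {
        StringBuilder policy = new StringBuilder()
            .append("object-src 'none'; ")
            .append("script-src 'nonce-").append(nonce)
            .append("' 'strict-dynamic' http: https:; ")
            .append("base-uri 'none';");
        if (reportUri != null && !reportUri.isEmpty()) {
            policy.append(" report-uri ").append(reportUri).append(';');
        }
        return policy.toString();
    }

    // Report-only lets violations be observed before the policy blocks anything.
    static String headerName(boolean enforcingMode) {
        return enforcingMode ? ENFORCE_HEADER : REPORT_ONLY_HEADER;
    }

    public static void main(String[] args) {
        String nonce = newNonce();
        // "/csp-reports" is a constructed sample endpoint.
        String policy = buildPolicy(nonce, "/csp-reports");
        System.out.println(headerName(false) + ": " + policy);
        // Every inline script must carry the same nonce to be allowed to run.
        System.out.println("<script nonce=\"" + nonce + "\">/* app code */</script>");
    }
}
```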
Field Summary
Fields
Fields inherited from interface org.apache.struts2.interceptor.csp.CspSettings
BASE_URI, CSP_ENFORCE_HEADER, CSP_REPORT_HEADER, CSP_REPORT_TYPE, HTTP, HTTPS, NONCE_RANDOM_LENGTH, NONE, OBJECT_SRC, REPORT_TO, REPORT_URI, SCRIPT_SRC, STRICT_DYNAMIC
Constructor Summary
Constructors
Method Summary
Modifier and Type, Method, Description
void addCspHeaders(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
protected String createPolicyFormat(jakarta.servlet.http.HttpServletRequest request)
protected String getNonceString(jakarta.servlet.http.HttpServletRequest request)
void setEnforcingMode(boolean enforcingMode)
    Sets CSP headers in enforcing mode when true, and report-only when false
void setReportTo(String reportTo)
    Sets the report group where csp violation reports will be sent
void setReportUri(String reportUri)
    Sets the uri where csp violation reports will be sent
toString()
Field Details
reportUri
reportTo
cspHeader
Constructor Details
DefaultCspSettings
public DefaultCspSettings()
Method Details
addCspHeaders
public void addCspHeaders(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
Specified by: addCspHeaders in interface CspSettings
createPolicyFormat
getNonceString
setEnforcingMode
public void setEnforcingMode(boolean enforcingMode)
Description copied from interface: CspSettings
Sets CSP headers in enforcing mode when true, and report-only when false
Specified by: setEnforcingMode in interface CspSettings
setReportUri
Description copied from interface: CspSettings
Sets the uri where csp violation reports will be sent
Specified by: setReportUri in interface CspSettings
setReportTo
Description copied from interface: CspSettings
Sets the report group where csp violation reports will be sent
Specified by: setReportTo in interface CspSettings
toString