Class DefaultCspSettings
java.lang.Object
org.apache.struts2.interceptor.csp.DefaultCspSettings
- All Implemented Interfaces:
CspSettings
Default implementation of CspSettings.
The default policy implements strict CSP with a nonce-based approach and follows the guide: https://csp.withgoogle.com/docs/index.html/
- See Also:
-
Field Summary
Fields inherited from interface org.apache.struts2.interceptor.csp.CspSettings
BASE_URI, CSP_ENFORCE_HEADER, CSP_REPORT_HEADER, CSP_REPORT_TYPE, HTTP, HTTPS, NONCE_RANDOM_LENGTH, NONE, OBJECT_SRC, REPORT_URI, SCRIPT_SRC, STRICT_DYNAMIC
-
Constructor Summary
Constructors -
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| void | addCspHeaders(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) | |
| void | addCspHeaders(jakarta.servlet.http.HttpServletResponse response) | |
| void | setEnforcingMode(boolean enforcingMode) | Sets CSP headers in enforcing mode when true, and report-only when false |
| void | setReportUri(String reportUri) | Sets the uri where csp violation reports will be sent |
| String | toString() | |
-
Constructor Details
-
DefaultCspSettings
public DefaultCspSettings()
-
-
Method Details
-
addCspHeaders
public void addCspHeaders(jakarta.servlet.http.HttpServletResponse response)
- Specified by:
addCspHeaders in interface CspSettings
-
addCspHeaders
public void addCspHeaders(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
- Specified by:
addCspHeaders in interface CspSettings
-
setEnforcingMode
public void setEnforcingMode(boolean enforcingMode)
Description copied from interface: CspSettings
Sets CSP headers in enforcing mode when true, and report-only when false
- Specified by:
setEnforcingMode in interface CspSettings
-
setReportUri
Description copied from interface: CspSettings
Sets the uri where csp violation reports will be sent
- Specified by:
setReportUri in interface CspSettings
-
toString
-
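The class description above refers to a strict, nonce-based policy that can be sent in enforcing or report-only mode with an optional report URI. The following is an added example, not Struts source code, showing what such a header looks like when built by hand. The class name `StrictCspExample`, the 18-byte nonce length, the report-URI validation rule and the `/csp-reports` path are assumptions made for illustration; the directive layout follows the strict CSP guide linked above.

```java
import java.security.SecureRandom;
import java.util.Base64;

// Added illustration (hypothetical class), not the Struts implementation.
public class StrictCspExample {
    private static final SecureRandom RNG = new SecureRandom();
    private static final int NONCE_BYTES = 18; // assumed length for this example

    private final boolean enforcingMode; // true: enforce, false: report-only
    private final String reportUri;      // null: no report-uri directive

    StrictCspExample(boolean enforcingMode, String reportUri) {
        // A report URI containing ';', ',', whitespace or control characters
        // could inject extra directives or headers, so reject it up front.
        if (reportUri != null && !reportUri.matches("[^;,\\s\\p{Cntrl}]+")) {
            throw new IllegalArgumentException("unsafe report URI");
        }
        this.enforcingMode = enforcingMode;
        this.reportUri = reportUri;
    }

    // Generate a fresh nonce for every response; a reused or guessable
    // nonce lets injected markup satisfy the policy.
    static String newNonce() {
        byte[] raw = new byte[NONCE_BYTES];
        RNG.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    String headerName() {
        return enforcingMode ? "Content-Security-Policy"
                             : "Content-Security-Policy-Report-Only";
    }

    String headerValue(String nonce) {
        StringBuilder policy = new StringBuilder("object-src 'none'; ")
            .append("script-src 'nonce-").append(nonce)
            .append("' 'strict-dynamic' http: https:; base-uri 'none'");
        if (reportUri != null) {
            policy.append("; report-uri ").append(reportUri);
        }
        return policy.toString();
    }

    public static void main(String[] args) {
        String nonce = newNonce();
        StrictCspExample csp = new StrictCspExample(false, "/csp-reports"); // constructed path
        System.out.println(csp.headerName() + ": " + csp.headerValue(nonce));
        System.out.println("<script nonce=\"" + nonce + "\">/* runs */</script>");
    }
}
```

Report-only mode without a report URI produces no server-side signal, so a rollout that starts in report-only mode should set the URI before relying on the absence of reports.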