Interface CspSettings
- All Known Implementing Classes:
DefaultCspSettings
public interface CspSettings
CspSettings interface used by the
CspInterceptor to add the CSP header to the response.
The default implementation can be found in DefaultCspSettings.- See Also:
-
Field Summary
Fields -
Method Summary
Modifier and TypeMethodDescriptionvoidaddCspHeaders(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) Adds CSP related headers to response based on request state (e.g., if session has been created)voidsetEnforcingMode(boolean value) Sets CSP headers in enforcing mode when true, and report-only when falsevoidsetReportTo(String group) Sets the report group where csp violation reports will be sentvoidsetReportUri(String uri) Sets the uri where csp violation reports will be sent
-
Field Details
-
NONCE_RANDOM_LENGTH
static final int NONCE_RANDOM_LENGTH- See Also:
-
CSP_ENFORCE_HEADER
- See Also:
-
CSP_REPORT_HEADER
- See Also:
-
OBJECT_SRC
- See Also:
-
SCRIPT_SRC
- See Also:
-
BASE_URI
- See Also:
-
REPORT_URI
- See Also:
-
REPORT_TO
- See Also:
-
NONE
- See Also:
-
STRICT_DYNAMIC
- See Also:
-
HTTP
- See Also:
-
HTTPS
- See Also:
-
CSP_REPORT_TYPE
- See Also:
-
-
Method Details
-
addCspHeaders
void addCspHeaders(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) Adds CSP related headers to response based on request state (e.g., if session has been created)- Since:
- Struts 6.0.3
-
setReportUri
Sets the uri where csp violation reports will be sent -
setReportTo
Sets the report group where csp violation reports will be sent- Since:
- Struts 6.5.0
-
setEnforcingMode
void setEnforcingMode(boolean value) Sets CSP headers in enforcing mode when true, and report-only when false
-