Package org.apache.struts2.interceptor.csp

Class DefaultCspSettings

java.lang.Object

org.apache.struts2.interceptor.csp.DefaultCspSettings

All Implemented Interfaces:

CspSettings

public class DefaultCspSettings
extends Object
implements CspSettings

Default implementation of CspSettings. The default policy implements strict CSP with a nonce based approach and follows the guide: https://csp.withgoogle.com/docs/index.html/ You may extend or replace this class if you wish to customize the default policy further, and use your class by setting the CspInterceptor defaultCspSettingsClassName parameter. Actions that implement the CspSettingsAware interface will ignore the defaultCspSettingsClassName parameter.

See Also:

• CspSettings
• CspInterceptor

Field Summary

Fields

Modifier and Type	Field	Description
protected String	cspHeader
protected String	reportTo
protected String	reportUri

Fields inherited from interface org.apache.struts2.interceptor.csp.CspSettings

BASE_URI, CSP_ENFORCE_HEADER, CSP_REPORT_HEADER, CSP_REPORT_TYPE, HTTP, HTTPS, NONCE_RANDOM_LENGTH, NONE, OBJECT_SRC, REPORT_TO, REPORT_URI, SCRIPT_SRC, STRICT_DYNAMIC

Constructor Summary

Constructors

Constructor	Description
DefaultCspSettings()

Method Summary

Modifier and Type	Method	Description
void	addCspHeaders(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
protected String	createPolicyFormat(jakarta.servlet.http.HttpServletRequest request)
protected String	getNonceString(jakarta.servlet.http.HttpServletRequest request)
void	setEnforcingMode(boolean enforcingMode)	Sets CSP headers in enforcing mode when true, and report-only when false
void	setReportTo(String reportTo)	Sets the report group where csp violation reports will be sent
void	setReportUri(String reportUri)	Sets the uri where csp violation reports will be sent
String	toString()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Details

reportUri

protected String reportUri

reportTo

protected String reportTo

cspHeader

protected String cspHeader

Constructor Details

DefaultCspSettings

public DefaultCspSettings()

Method Details

addCspHeaders

public void addCspHeaders(jakarta.servlet.http.HttpServletRequest request,
 jakarta.servlet.http.HttpServletResponse response)

Specified by:

addCspHeaders in interface CspSettings

createPolicyFormat

protected String createPolicyFormat(jakarta.servlet.http.HttpServletRequest request)

getNonceString

protected String getNonceString(jakarta.servlet.http.HttpServletRequest request)

setEnforcingMode

public void setEnforcingMode(boolean enforcingMode)

Description copied from interface: CspSettings

Sets CSP headers in enforcing mode when true, and report-only when false

Specified by:

setEnforcingMode in interface CspSettings

setReportUri

public void setReportUri(String reportUri)

Description copied from interface: CspSettings

Sets the uri where csp violation reports will be sent

Specified by:

setReportUri in interface CspSettings

setReportTo

public void setReportTo(String reportTo)

Description copied from interface: CspSettings

Sets the report group where csp violation reports will be sent

Specified by:

setReportTo in interface CspSettings

toString

public String toString()

Overrides:

toString in class Object