Package org.apache.struts2.interceptor.csp
package org.apache.struts2.interceptor.csp
-
ClassDescriptionInterceptor that implements Content Security Policy on incoming requests used to protect against common XSS and data injection attacks.Reads the nonce value using the ValueStack,
StrutsCspNonceReaderis the default implementationSource of the nonce valueCspSettings interface used by theCspInterceptorto add the CSP header to the response.Default implementation ofCspSettings.Reads nonce value from session or request attribute.