public class DefaultCspSettings extends Object implements CspSettings
CspSettings.
The default policy implements strict CSP with a nonce-based approach and follows the guide: https://csp.withgoogle.com/docs/index.html/

See also: CspSettings, CspInterceptor

Fields: BASE_URI, CSP_ENFORCE_HEADER, CSP_REPORT_HEADER, CSP_REPORT_TYPE, HTTP, HTTPS, NONCE_RANDOM_LENGTH, NONE, OBJECT_SRC, REPORT_URI, SCRIPT_SRC, STRICT_DYNAMIC

| Constructor and Description |
|---|
| DefaultCspSettings() |

| Modifier and Type | Method and Description |
|---|---|
| void | addCspHeaders(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) |
| void | addCspHeaders(javax.servlet.http.HttpServletResponse response) |
| void | setEnforcingMode(boolean enforcingMode) Sets CSP headers in enforcing mode when true, and report-only when false |
| void | setReportUri(String reportUri) Sets the URI where CSP violation reports will be sent |
| String | toString() |
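
A stand-alone illustration of the header a strict, nonce-based policy of this kind produces, including the enforcing/report-only switch and the report URI that setEnforcingMode and setReportUri control. This is an added example, not the Struts source: the class name StrictCspExample, the 18-byte nonce length, and the /csp-reports path are assumptions.

```java
import java.security.SecureRandom;
import java.util.Base64;

// Added illustration; NOT the Struts implementation of DefaultCspSettings.
public class StrictCspExample {
    private static final SecureRandom RNG = new SecureRandom();

    // A nonce must be unpredictable and generated fresh for every response.
    // Assumption: 18 random bytes; the page does not state NONCE_RANDOM_LENGTH's value.
    static String newNonce() {
        byte[] raw = new byte[18];
        RNG.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // Enforcing mode blocks violations; report-only mode just reports them.
    static String headerName(boolean enforcingMode) {
        return enforcingMode ? "Content-Security-Policy"
                             : "Content-Security-Policy-Report-Only";
    }

    // Strict policy shape from the csp.withgoogle.com guide. The http:/https:
    // sources are a fallback for browsers without 'strict-dynamic' support.
    static String policy(String nonce, String reportUri) {
        if (!nonce.matches("[A-Za-z0-9_-]+")) {
            throw new IllegalArgumentException("nonce must be base64url");
        }
        StringBuilder p = new StringBuilder()
            .append("object-src 'none'; ")
            .append("script-src 'nonce-").append(nonce)
            .append("' 'strict-dynamic' http: https:; ")
            .append("base-uri 'none'");
        if (reportUri != null) {
            // Reject characters that would end the directive or split the header.
            if (!reportUri.matches("[^;,\\s\\p{Cntrl}]+")) {
                throw new IllegalArgumentException("unsafe report URI");
            }
            p.append("; report-uri ").append(reportUri);
        }
        return p.toString();
    }

    public static void main(String[] args) {
        String nonce = newNonce();
        String reportUri = "/csp-reports"; // constructed sample endpoint
        System.out.println(headerName(false) + ": " + policy(nonce, reportUri));
        System.out.println(headerName(true) + ": " + policy(nonce, reportUri));
        // Only script tags carrying the same nonce are allowed to run.
        System.out.println("<script nonce=\"" + nonce + "\" src=\"/app.js\"></script>");
    }
}
```

Starting in report-only mode and reviewing the collected violation reports before switching to enforcing mode avoids breaking pages whose inline scripts do not yet carry the nonce.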

public void addCspHeaders(javax.servlet.http.HttpServletResponse response)
Specified by: addCspHeaders in interface CspSettings

public void addCspHeaders(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
Specified by: addCspHeaders in interface CspSettings

public void setEnforcingMode(boolean enforcingMode)
Specified by: setEnforcingMode in interface CspSettings

public void setReportUri(String reportUri)
Specified by: setReportUri in interface CspSettings

Copyright © 2000–2023 Apache Software Foundation. All rights reserved.