Class ContentSecurityPolicyFilter
java.lang.Object
net.sf.basedb.clients.web.servlet.ContentSecurityPolicyFilter
- All Implemented Interfaces:
Filter
public final class ContentSecurityPolicyFilter extends Object implements Filter
This filter sets the "Content-Security-Policy" header on the HTTP response. See http://base.thep.lu.se/ticket/1712 for more information.
- Since: 3.3
- Author: Nicklas
- Last modified: $Date$
Field Summary

  Modifier and Type           Field
  private String              cspHeader
  private static Pattern      PATH_MATCH
  private String              policy
  private boolean             reportOnly
  private static boolean      UNSAFE_INLINE_SCRIPTS_ARE_ALLOWED
  private static Set<String>  unsafeResources
  private String              unsafeResourcesPolicy

Constructor Summary

  Constructor
  ContentSecurityPolicyFilter()
Method Summary

  Modifier and Type   Method
  private String      addReportUriIfNeeded(String policy, FilterConfig config)
  void                destroy()
  void                doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
  void                init(FilterConfig config)
  static boolean      isUnsafeInlineScriptsAllowed()
                      Checks if the current policy allows 'unsafe-inline' for the 'script-src' directive.
  static void         setSafeResources(String jarName, boolean safeResources)
                      Set a flag indicating whether resources from the given extension JAR file should use the regular policy or the 'unsafe-resources' policy.
Field Details

UNSAFE_INLINE_SCRIPTS_ARE_ALLOWED
private static boolean UNSAFE_INLINE_SCRIPTS_ARE_ALLOWED

unsafeResources
private static Set<String> unsafeResources

PATH_MATCH
private static Pattern PATH_MATCH

policy
private String policy

unsafeResourcesPolicy
private String unsafeResourcesPolicy

reportOnly
private boolean reportOnly

cspHeader
private String cspHeader
Constructor Details

ContentSecurityPolicyFilter
public ContentSecurityPolicyFilter()
Method Details

isUnsafeInlineScriptsAllowed
public static boolean isUnsafeInlineScriptsAllowed()
Checks if the current policy allows 'unsafe-inline' for the 'script-src' directive. If not, we need to check extensions and display a warning to the admin that the extension may not work.

setSafeResources
public static void setSafeResources(String jarName, boolean safeResources)
Set a flag indicating whether resources from the given extension JAR file should use the regular policy or the 'unsafe-resources' policy.

init
public void init(FilterConfig config)

destroy
public void destroy()

doFilter
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
- Specified by: doFilter in interface Filter
- Throws: IOException, ServletException

addReportUriIfNeeded
private String addReportUriIfNeeded(String policy, FilterConfig config)
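As an added illustration, not BASE's own code (which this page does not show), here is a minimal servlet filter with the same shape as the class above: it emits either the enforcing or the report-only CSP header depending on a report-only flag, appends a report-uri when one is configured, and serves a separate relaxed policy only to resources of extension JARs that were flagged via setSafeResources. The class name, the init-parameter names, the header-name switch and the /extensions/<jarName>/ path layout are assumptions.

```java
import java.io.IOException;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Illustrative CSP filter (added example); names, init-params and path layout are assumptions, not BASE's. */
public final class CspFilterExample implements Filter {
  // Assumed layout: extension resources are served under /extensions/<jarName>/...
  private static final Pattern PATH_MATCH = Pattern.compile("^/extensions/([^/]+)/");
  private static final Set<String> unsafeResources = ConcurrentHashMap.newKeySet();
  private String policy;                // regular policy for the application itself
  private String unsafeResourcesPolicy; // relaxed policy for flagged extension JARs only
  private String cspHeader;             // header name: enforcing or report-only
  /** Flag an extension JAR as needing the relaxed policy (safe == false) or the regular one. */
  public static void setSafeResources(String jarName, boolean safe) {
    if (safe) unsafeResources.remove(jarName); else unsafeResources.add(jarName);
  }
  @Override
  public void init(FilterConfig config) {
    boolean reportOnly = "true".equals(config.getInitParameter("report-only"));
    cspHeader = reportOnly ? "Content-Security-Policy-Report-Only" : "Content-Security-Policy";
    policy = addReportUriIfNeeded(config.getInitParameter("policy"), config);
    unsafeResourcesPolicy = addReportUriIfNeeded(config.getInitParameter("unsafe-resources-policy"), config);
  }
  /** Append a report-uri directive when one is configured and the policy does not already carry one. */
  private String addReportUriIfNeeded(String p, FilterConfig config) {
    String reportUri = config.getInitParameter("report-uri");
    if (p == null || reportUri == null || p.contains("report-uri")) return p;
    return p + "; report-uri " + reportUri;
  }
  @Override
  public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
      throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;
    String chosen = policy;
    Matcher m = PATH_MATCH.matcher(request.getServletPath()); // path relative to the context root
    if (m.find() && unsafeResources.contains(m.group(1))) chosen = unsafeResourcesPolicy;
    if (chosen != null) response.setHeader(cspHeader, chosen); // must be set before any body output
    chain.doFilter(req, res);
  }
  @Override public void destroy() {}
}
```

Map the filter to /* in web.xml so every response, including extension resources, gets a header; a path that no flagged JAR matches always falls back to the regular policy.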