Class ContentSecurityPolicyFilter
java.lang.Object
  net.sf.basedb.clients.web.servlet.ContentSecurityPolicyFilter
All Implemented Interfaces: Filter

This is a filter that sets the "Content-Security-Policy" header in the HTTP response. See http://base.thep.lu.se/ticket/1712 for more information.

Since: 3.3
Author: Nicklas
Last modified: $Date$

Field Summary

Constructor Summary

Method Summary
Modifier and Type | Method | Description
private String | addReportUriIfNeeded(String policy, FilterConfig config) |
void | destroy() |
void | doFilter(ServletRequest request, ServletResponse response, FilterChain chain) |
void | init(FilterConfig config) |
static boolean | isUnsafeInlineScriptsAllowed() | Checks if the current policy allows 'unsafe-inline' for the 'script-src' attribute.
static void | setSafeResources(String jarName, boolean safeResources) | Set a flag indicating if resources from the given extension JAR file should use the regular policy or the 'unsafe-resources' policy.

Field Details

UNSAFE_INLINE_SCRIPTS_ARE_ALLOWED
private static boolean UNSAFE_INLINE_SCRIPTS_ARE_ALLOWED

unsafeResources

PATH_MATCH

policy

unsafeResourcesPolicy

reportOnly
private boolean reportOnly

cspHeader

Constructor Details

ContentSecurityPolicyFilter
public ContentSecurityPolicyFilter()

Method Details

isUnsafeInlineScriptsAllowed
public static boolean isUnsafeInlineScriptsAllowed()
Checks if the current policy allows 'unsafe-inline' for the 'script-src' attribute. If not, we need to check extensions and display a warning to the admin that the extension may not work.

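An added example (not BASE's own code) of the kind of check this description implies: deciding whether a policy string lets inline scripts run. It goes slightly beyond the description by applying two CSP rules: 'script-src' falls back to 'default-src', and a nonce, hash or 'strict-dynamic' source makes browsers ignore 'unsafe-inline'. The class name, method names and sample policies are assumptions made for the illustration.

```java
import java.util.*;

// Added illustration; CspInlineCheck and its methods are hypothetical names.
public class CspInlineCheck {

    /** Parse "name v1 v2; name2 v3" into directive -> source list. */
    static Map<String, List<String>> parse(String policy) {
        Map<String, List<String>> directives = new LinkedHashMap<>();
        for (String part : policy.split(";")) {
            String[] tokens = part.trim().split("\\s+");
            if (tokens[0].isEmpty()) continue;
            String name = tokens[0].toLowerCase(Locale.ROOT);
            // CSP ignores a directive that repeats an earlier name.
            directives.putIfAbsent(name,
                Arrays.asList(tokens).subList(1, tokens.length));
        }
        return directives;
    }

    static boolean allowsInlineScripts(String policy) {
        Map<String, List<String>> d = parse(policy);
        // script-src falls back to default-src when absent.
        List<String> sources = d.containsKey("script-src")
            ? d.get("script-src") : d.get("default-src");
        if (sources == null) return true; // no directive restricts scripts
        boolean unsafeInline = false;
        for (String s : sources) {
            String src = s.toLowerCase(Locale.ROOT);
            // A nonce, hash or 'strict-dynamic' makes browsers ignore 'unsafe-inline'.
            if (src.startsWith("'nonce-") || src.startsWith("'sha256-")
                || src.startsWith("'sha384-") || src.startsWith("'sha512-")
                || src.equals("'strict-dynamic'")) return false;
            if (src.equals("'unsafe-inline'")) unsafeInline = true;
        }
        return unsafeInline;
    }

    public static void main(String[] args) {
        // Constructed sample policies.
        String[] samples = {
            "default-src 'self'; script-src 'self' 'unsafe-inline'",
            "default-src 'self' 'unsafe-inline'",
            "script-src 'self' 'unsafe-inline' 'nonce-abc123'",
            "default-src 'unsafe-inline'; script-src 'self'"
        };
        for (String p : samples)
            System.out.println(allowsInlineScripts(p) + "  <-  " + p);
    }
}
```
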
setSafeResources
Set a flag indicating if resources from the given extension JAR file should use the regular policy or the 'unsafe-resources' policy.

init

destroy
public void destroy()

doFilter
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
Specified by: doFilter in interface Filter
Throws: IOException, ServletException

addReportUriIfNeeded