Class DefaultCspSettings

java.lang.Object
org.apache.struts2.interceptor.csp.DefaultCspSettings
All Implemented Interfaces:
CspSettings

public class DefaultCspSettings extends Object implements CspSettings
Default implementation of CspSettings. The default policy implements strict CSP with a nonce-based approach and follows the guide: https://csp.withgoogle.com/docs/index.html/
  • Constructor Details

    • DefaultCspSettings

      public DefaultCspSettings()
  • Method Details

    • addCspHeaders

      public void addCspHeaders(jakarta.servlet.http.HttpServletResponse response)
      Specified by:
      addCspHeaders in interface CspSettings
    • addCspHeaders

      public void addCspHeaders(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
      Specified by:
      addCspHeaders in interface CspSettings
    • setEnforcingMode

      public void setEnforcingMode(boolean enforcingMode)
      Description copied from interface: CspSettings
      Sets CSP headers in enforcing mode when true, and report-only when false
      Specified by:
      setEnforcingMode in interface CspSettings
    • setReportUri

      public void setReportUri(String reportUri)
      Description copied from interface: CspSettings
      Sets the URI where CSP violation reports will be sent
      Specified by:
      setReportUri in interface CspSettings
    • toString

      public String toString()
      Overrides:
      toString in class Object
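
The class description above refers to a strict, nonce-based policy with an enforcing or report-only mode and an optional report URI. The following is an added example, not the Struts source: it sketches how such a header can be assembled. The class name `StrictCspExample`, the directive set (taken from the general strict-CSP pattern in the linked guide) and the collector URL are assumptions, not values read from `DefaultCspSettings`.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.regex.Pattern;

public class StrictCspExample {  // hypothetical class, not part of Struts
    private static final SecureRandom RNG = new SecureRandom();
    // Characters that could append a directive or split the header line.
    private static final Pattern UNSAFE = Pattern.compile("[;,\\s]");
    private final boolean enforcingMode; // same meaning as setEnforcingMode(boolean)
    private final String reportUri;      // same meaning as setReportUri(String); may be null

    public StrictCspExample(boolean enforcingMode, String reportUri) {
        if (reportUri != null && UNSAFE.matcher(reportUri).find()) {
            throw new IllegalArgumentException("report URI contains ';', ',' or whitespace");
        }
        this.enforcingMode = enforcingMode;
        this.reportUri = reportUri;
    }

    /** Fresh 128-bit nonce; generate one per response and never reuse it. */
    public static String newNonce() {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        return Base64.getEncoder().encodeToString(raw);
    }

    /** Report-only mode records violations without blocking anything. */
    public String headerName() {
        return enforcingMode ? "Content-Security-Policy" : "Content-Security-Policy-Report-Only";
    }

    public String headerValue(String nonce) {
        StringBuilder csp = new StringBuilder("object-src 'none'; ")
            .append("script-src 'nonce-").append(nonce).append("' 'strict-dynamic' https: http:; ")
            .append("base-uri 'none'");
        if (reportUri != null) {
            csp.append("; report-uri ").append(reportUri);
        }
        return csp.toString();
    }

    public static void main(String[] args) {
        String nonce = newNonce();
        // Constructed sample collector URL; report-only is the usual first rollout step.
        StrictCspExample s = new StrictCspExample(false, "https://csp-reports.example/collect");
        System.out.println(s.headerName() + ": " + s.headerValue(nonce));
        // Only script tags carrying the same nonce are allowed to run.
        System.out.println("<script nonce=\"" + nonce + "\">/* page script */</script>");
    }
}
```

The nonce in the header and the `nonce` attribute on each script tag must come from the same per-response value, so a cached page that replays an old nonce defeats the policy.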