Class CspInterceptor
java.lang.Object
  com.opensymphony.xwork2.interceptor.AbstractInterceptor
    org.apache.struts2.interceptor.csp.CspInterceptor
- All Implemented Interfaces: ConditionalInterceptor, Interceptor, Serializable

Interceptor that implements Content Security Policy on incoming requests, used to protect against common XSS and data injection attacks. Uses CspSettings to add the appropriate Content Security Policy header to the response. These headers determine what the browser will consider a policy violation and the browser's behavior when a violation occurs. A detailed explanation of CSP can be found here.

Constructor Summary
- Constructors: CspInterceptor()

Method Summary
(Modifier and Type, Method: Description)
- intercept(ActionInvocation invocation): Override to handle interception
- void setEnforcingMode(boolean enforcingMode): Enables enforcing mode, by default all exceptions are only reported
- void setPrependServletContext(boolean prependServletContext): Sets whether to prepend the servlet context path to the reportUri.
- void setReportUri(String reportUri)

Methods inherited from class com.opensymphony.xwork2.interceptor.AbstractInterceptor:
destroy, init, setDisabled, shouldIntercept

Constructor Details

CspInterceptor
public CspInterceptor()

Method Details

intercept
Description copied from class: AbstractInterceptor
Override to handle interception
- Specified by: intercept in interface Interceptor
- Specified by: intercept in class AbstractInterceptor
- Parameters: invocation - the action invocation
- Returns: the return code, either returned from ActionInvocation.invoke(), or from the interceptor itself.
- Throws: Exception - any system-level error, as defined in Action.execute().

setReportUri

setEnforcingMode
public void setEnforcingMode(boolean enforcingMode)
Enables enforcing mode, by default all exceptions are only reported
- Parameters: enforcingMode - true to enable enforcing mode, false to keep reporting mode.

setPrependServletContext
public void setPrependServletContext(boolean prependServletContext)
Sets whether to prepend the servlet context path to the reportUri.
- Parameters: prependServletContext - true to prepend the location with the servlet context path, false otherwise.
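
A struts.xml fragment showing the three setters above used as interceptor parameters, with the default reporting mode beside enforcing mode. This is an added example, not part of the Struts API documentation; the package, stack and action names, the JSP path and the /csp-reports path are hypothetical, and it assumes the usual Struts mapping of `<param>` names onto interceptor setter methods.

```xml
<!-- Added example: struts.xml fragment. All names and paths other than the
     CspInterceptor class and its three parameters are hypothetical. -->
<package name="csp-example" extends="struts-default">
  <interceptors>
    <!-- Register the class under a local (hypothetical) name. -->
    <interceptor name="cspExample"
                 class="org.apache.struts2.interceptor.csp.CspInterceptor"/>

    <!-- Reporting mode (the default described by setEnforcingMode):
         violations are only reported. Use this while tuning the policy
         and reviewing what the browser sends to reportUri. -->
    <interceptor-stack name="cspReportingStack">
      <interceptor-ref name="cspExample">
        <param name="enforcingMode">false</param>
        <param name="reportUri">/csp-reports</param>
        <!-- true: the servlet context path is prepended to reportUri, so an
             application deployed at /shop would report to /shop/csp-reports. -->
        <param name="prependServletContext">true</param>
      </interceptor-ref>
      <!-- the application's other interceptor-refs go here -->
    </interceptor-stack>

    <!-- Enforcing mode: switch to this once the reports show no violations
         from legitimate pages. Only enforcingMode changes. -->
    <interceptor-stack name="cspEnforcingStack">
      <interceptor-ref name="cspExample">
        <param name="enforcingMode">true</param>
        <param name="reportUri">/csp-reports</param>
        <param name="prependServletContext">true</param>
      </interceptor-ref>
      <!-- the application's other interceptor-refs go here -->
    </interceptor-stack>
  </interceptors>

  <!-- Hypothetical action that has already been moved to enforcing mode. -->
  <action name="dashboard" class="com.example.DashboardAction">
    <interceptor-ref name="cspEnforcingStack"/>
    <result>/WEB-INF/dashboard.jsp</result>
  </action>

  <!-- Hypothetical action still being observed in reporting mode. -->
  <action name="legacyReport" class="com.example.LegacyReportAction">
    <interceptor-ref name="cspReportingStack"/>
    <result>/WEB-INF/legacy-report.jsp</result>
  </action>
</package>
```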