Uses of Class
org.apache.wicket.csp.CSPHeaderConfiguration
Packages that use CSPHeaderConfiguration
-
Uses of CSPHeaderConfiguration in org.apache.wicket.csp
Methods in org.apache.wicket.csp that return CSPHeaderConfigurationModifier and TypeMethodDescriptionCSPHeaderConfiguration.add
(CSPDirective directive, String... values) Adds a free-form value to a directive for the CSP header.CSPHeaderConfiguration.add
(CSPDirective directive, CSPRenderable... values) Adds the given values to the CSP directive on this configuraiton.ContentSecurityPolicySettings.blocking()
CSPHeaderConfiguration.clear()
Removes all CSP directives from the configuration.CSPHeaderConfiguration.disabled()
Removes all directives from the CSP, returning an empty configuration.CSPHeaderConfiguration.remove
(CSPDirective directive) Removes the given directive from the configuration.CSPHeaderConfiguration.reportBack()
Configures the CSP to report violations back at the application.CSPHeaderConfiguration.reportBackAt
(String mountPath) Configures the CSP to report violations at the specified relative URI.ContentSecurityPolicySettings.reporting()
CSPHeaderConfiguration.setAddLegacyHeaders
(boolean addLegacyHeaders) Enable legacyX-Content-Security-Policy
headers for older browsers, such as IE.CSPHeaderConfiguration.strict()
Builds a strict, very secure CSP configuration with the following directives:default-src 'none';
script-src 'strict-dynamic' 'nonce-XYZ';
style-src 'nonce-XYZ';
img-src 'self';
connect-src 'self';
font-src 'self';
manifest-src 'self';
child-src 'self';
frame-src 'self'
base-uri 'self'
.CSPHeaderConfiguration.unsafeInline()
Builds a CSP configuration with the following directives:default-src 'none';
script-src 'self' 'unsafe-inline' 'unsafe-eval';
style-src 'self' 'unsafe-inline';
img-src 'self';
connect-src 'self';
font-src 'self';
manifest-src 'self';
child-src 'self';
frame-src 'self'
base-uri 'self'
.Methods in org.apache.wicket.csp that return types with arguments of type CSPHeaderConfigurationModifier and TypeMethodDescriptionContentSecurityPolicySettings.getConfiguration()
Returns the CSP configuration perCSPHeaderMode
.Constructors in org.apache.wicket.csp with parameters of type CSPHeaderConfigurationModifierConstructorDescriptionClonedCSPValue
(CSPHeaderConfiguration headerConfiguration, CSPDirective sourceDirective) Creates a newClonedCSPValue
for the given directive.