Module org.apache.wicket.core
Package org.apache.wicket.protocol.http
Class FetchMetadataResourceIsolationPolicy
java.lang.Object
org.apache.wicket.protocol.http.FetchMetadataResourceIsolationPolicy
- All Implemented Interfaces:
IResourceIsolationPolicy
public class FetchMetadataResourceIsolationPolicy
extends Object
implements IResourceIsolationPolicy
Default resource isolation policy used in
ResourceIsolationRequestCycleListener
,
based on https://web.dev/fetch-metadata/.- Author:
- Santiago Diaz - saldiaz@google.com, Ecenaz Jen Ozmen - ecenazo@google.com
- See Also:
-
Nested Class Summary
Nested classes/interfaces inherited from interface org.apache.wicket.protocol.http.IResourceIsolationPolicy
IResourceIsolationPolicy.ResourceIsolationOutcome
-
Field Summary
Modifier and TypeFieldDescriptionstatic final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionisRequestAllowed
(jakarta.servlet.http.HttpServletRequest request, IRequestablePage targetPage) Is the given request allowed.void
setHeaders
(jakarta.servlet.http.HttpServletResponse response) Set vary headers to avoid caching responses processed by Fetch Metadata.
-
Field Details
-
SEC_FETCH_SITE_HEADER
- See Also:
-
SEC_FETCH_MODE_HEADER
- See Also:
-
SEC_FETCH_DEST_HEADER
- See Also:
-
SAME_ORIGIN
- See Also:
-
SAME_SITE
- See Also:
-
NONE
- See Also:
-
MODE_NAVIGATE
- See Also:
-
MODE_NO_CORS
- See Also:
-
DEST_OBJECT
- See Also:
-
DEST_EMBED
- See Also:
-
CROSS_SITE
- See Also:
-
CORS
- See Also:
-
DEST_DOCUMENT
- See Also:
-
DEST_SCRIPT
- See Also:
-
DEST_IMAGE
- See Also:
-
VARY_HEADER
- See Also:
-
-
Constructor Details
-
FetchMetadataResourceIsolationPolicy
public FetchMetadataResourceIsolationPolicy()
-
-
Method Details
-
isRequestAllowed
public IResourceIsolationPolicy.ResourceIsolationOutcome isRequestAllowed(jakarta.servlet.http.HttpServletRequest request, IRequestablePage targetPage) Description copied from interface:IResourceIsolationPolicy
Is the given request allowed.- Specified by:
isRequestAllowed
in interfaceIResourceIsolationPolicy
- Parameters:
request
- requesttargetPage
- targeted page- Returns:
- outcome, must not be
null
-
setHeaders
Set vary headers to avoid caching responses processed by Fetch Metadata.Caching these responses may return 403 responses to legitimate requests defeat the protection.
- Specified by:
setHeaders
in interfaceIResourceIsolationPolicy
-