Package org.apache.wicket.protocol.http
Class FetchMetadataResourceIsolationPolicy
java.lang.Object
  org.apache.wicket.protocol.http.FetchMetadataResourceIsolationPolicy

All Implemented Interfaces:
IResourceIsolationPolicy
public class FetchMetadataResourceIsolationPolicy extends Object implements IResourceIsolationPolicy
Default resource isolation policy used in ResourceIsolationRequestCycleListener, based on https://web.dev/fetch-metadata/.
Author:
Santiago Diaz - saldiaz@google.com, Ecenaz Jen Ozmen - ecenazo@google.com
See Also:
https://web.dev/fetch-metadata/

Nested Class Summary
Nested classes/interfaces inherited from interface org.apache.wicket.protocol.http.IResourceIsolationPolicy
IResourceIsolationPolicy.ResourceIsolationOutcome

Field Summary
Fields
Modifier and Type    Field                    Description
static String        CORS
static String        CROSS_SITE
static String        DEST_DOCUMENT
static String        DEST_EMBED
static String        DEST_IMAGE
static String        DEST_OBJECT
static String        DEST_SCRIPT
static String        MODE_NAVIGATE
static String        MODE_NO_CORS
static String        NONE
static String        SAME_ORIGIN
static String        SAME_SITE
static String        SEC_FETCH_DEST_HEADER
static String        SEC_FETCH_MODE_HEADER
static String        SEC_FETCH_SITE_HEADER
static String        VARY_HEADER

Constructor Summary
Constructors
Constructor                               Description
FetchMetadataResourceIsolationPolicy()

Method Summary
Modifier and Type: IResourceIsolationPolicy.ResourceIsolationOutcome
Method: isRequestAllowed(javax.servlet.http.HttpServletRequest request, IRequestablePage targetPage)
Description: Is the given request allowed.

Modifier and Type: void
Method: setHeaders(javax.servlet.http.HttpServletResponse response)
Description: Set vary headers to avoid caching responses processed by Fetch Metadata.

Field Detail
SEC_FETCH_SITE_HEADER
public static final String SEC_FETCH_SITE_HEADER
See Also:
Constant Field Values

SEC_FETCH_MODE_HEADER
public static final String SEC_FETCH_MODE_HEADER
See Also:
Constant Field Values

SEC_FETCH_DEST_HEADER
public static final String SEC_FETCH_DEST_HEADER
See Also:
Constant Field Values

SAME_ORIGIN
public static final String SAME_ORIGIN
See Also:
Constant Field Values

SAME_SITE
public static final String SAME_SITE
See Also:
Constant Field Values

NONE
public static final String NONE
See Also:
Constant Field Values

MODE_NAVIGATE
public static final String MODE_NAVIGATE
See Also:
Constant Field Values

MODE_NO_CORS
public static final String MODE_NO_CORS
See Also:
Constant Field Values

DEST_OBJECT
public static final String DEST_OBJECT
See Also:
Constant Field Values

DEST_EMBED
public static final String DEST_EMBED
See Also:
Constant Field Values

CROSS_SITE
public static final String CROSS_SITE
See Also:
Constant Field Values

CORS
public static final String CORS
See Also:
Constant Field Values

DEST_DOCUMENT
public static final String DEST_DOCUMENT
See Also:
Constant Field Values

DEST_SCRIPT
public static final String DEST_SCRIPT
See Also:
Constant Field Values

DEST_IMAGE
public static final String DEST_IMAGE
See Also:
Constant Field Values

VARY_HEADER
public static final String VARY_HEADER
See Also:
Constant Field Values

Constructor Detail
FetchMetadataResourceIsolationPolicy
public FetchMetadataResourceIsolationPolicy()

Method Detail
isRequestAllowed
public IResourceIsolationPolicy.ResourceIsolationOutcome isRequestAllowed(javax.servlet.http.HttpServletRequest request, IRequestablePage targetPage)
Description copied from interface: IResourceIsolationPolicy
Is the given request allowed.
Specified by:
isRequestAllowed in interface IResourceIsolationPolicy
Parameters:
request - request
targetPage - targeted page
Returns:
outcome, must not be null

setHeaders
public void setHeaders(javax.servlet.http.HttpServletResponse response)
Set vary headers to avoid caching responses processed by Fetch Metadata. Caching these responses may return 403 responses to legitimate requests or defeat the protection.
Specified by:
setHeaders in interface IResourceIsolationPolicy
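
The policy described at https://web.dev/fetch-metadata/, which this class is based on, written out as a stand-alone added example. It is not Wicket's implementation: the class, enum and method names are hypothetical, and request headers are assumed to arrive as a map keyed by lower-cased header name.

```java
import java.util.Map;

// Added example: stand-alone sketch of the policy described at https://web.dev/fetch-metadata/.
// Not Wicket's implementation; class, enum and method names are hypothetical.
public class FetchMetadataPolicyDemo {
    enum Outcome { ALLOWED, DISALLOWED }

    // Vary value telling caches that the response depends on the Fetch Metadata request headers,
    // so a 403 produced for a cross-site request is not replayed to a same-origin one (or the reverse).
    static final String VARY_VALUE = "Sec-Fetch-Dest, Sec-Fetch-Site, Sec-Fetch-Mode";

    // headers: request headers keyed by lower-cased name (assumption of this example).
    static Outcome decide(String method, Map<String, String> headers) {
        String site = headers.get("sec-fetch-site");
        if (site == null || site.isEmpty()) {
            return Outcome.ALLOWED; // browser sent no Fetch Metadata, so nothing to judge
        }
        if (site.equalsIgnoreCase("same-origin") || site.equalsIgnoreCase("same-site")
                || site.equalsIgnoreCase("none")) {
            return Outcome.ALLOWED; // own site, or user-initiated (address bar, bookmark)
        }
        // Cross-site: permit only top-level GET navigations, never <object>/<embed> loads.
        String mode = headers.getOrDefault("sec-fetch-mode", "");
        String dest = headers.getOrDefault("sec-fetch-dest", "");
        boolean navigation = mode.equalsIgnoreCase("navigate") && method.equalsIgnoreCase("GET");
        boolean embedded = dest.equalsIgnoreCase("object") || dest.equalsIgnoreCase("embed");
        return navigation && !embedded ? Outcome.ALLOWED : Outcome.DISALLOWED;
    }

    static void show(String label, String method, Map<String, String> headers) {
        System.out.printf("%-26s %-4s -> %s%n", label, method, decide(method, headers));
    }

    public static void main(String[] args) {
        // Constructed sample requests.
        show("no Fetch Metadata headers", "GET", Map.of());
        show("same-origin fetch", "POST",
            Map.of("sec-fetch-site", "same-origin", "sec-fetch-mode", "cors"));
        show("cross-site link click", "GET", Map.of("sec-fetch-site", "cross-site",
            "sec-fetch-mode", "navigate", "sec-fetch-dest", "document"));
        show("cross-site <img>", "GET", Map.of("sec-fetch-site", "cross-site",
            "sec-fetch-mode", "no-cors", "sec-fetch-dest", "image"));
        show("cross-site form POST", "POST", Map.of("sec-fetch-site", "cross-site",
            "sec-fetch-mode", "navigate", "sec-fetch-dest", "document"));
        show("cross-site <embed>", "GET", Map.of("sec-fetch-site", "cross-site",
            "sec-fetch-mode", "navigate", "sec-fetch-dest", "embed"));
        System.out.println("Vary: " + VARY_VALUE);
    }
}
```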