Package org.apache.wicket.protocol.http
Class FetchMetadataResourceIsolationPolicy
- java.lang.Object
-
- org.apache.wicket.protocol.http.FetchMetadataResourceIsolationPolicy
-
- All Implemented Interfaces:
IResourceIsolationPolicy
public class FetchMetadataResourceIsolationPolicy extends Object implements IResourceIsolationPolicy
Default resource isolation policy used inResourceIsolationRequestCycleListener, based on https://web.dev/fetch-metadata/.- Author:
- Santiago Diaz - saldiaz@google.com, Ecenaz Jen Ozmen - ecenazo@google.com
- See Also:
- https://web.dev/fetch-metadata/
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from interface org.apache.wicket.protocol.http.IResourceIsolationPolicy
IResourceIsolationPolicy.ResourceIsolationOutcome
-
-
Field Summary
Fields Modifier and Type Field Description static StringCORSstatic StringCROSS_SITEstatic StringDEST_DOCUMENTstatic StringDEST_EMBEDstatic StringDEST_IMAGEstatic StringDEST_OBJECTstatic StringDEST_SCRIPTstatic StringMODE_NAVIGATEstatic StringMODE_NO_CORSstatic StringNONEstatic StringSAME_ORIGINstatic StringSAME_SITEstatic StringSEC_FETCH_DEST_HEADERstatic StringSEC_FETCH_MODE_HEADERstatic StringSEC_FETCH_SITE_HEADERstatic StringVARY_HEADER
-
Constructor Summary
Constructors Constructor Description FetchMetadataResourceIsolationPolicy()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description IResourceIsolationPolicy.ResourceIsolationOutcomeisRequestAllowed(javax.servlet.http.HttpServletRequest request, IRequestablePage targetPage)Is the given request allowed.voidsetHeaders(javax.servlet.http.HttpServletResponse response)Set vary headers to avoid caching responses processed by Fetch Metadata.
-
-
-
Field Detail
-
SEC_FETCH_SITE_HEADER
public static final String SEC_FETCH_SITE_HEADER
- See Also:
- Constant Field Values
-
SEC_FETCH_MODE_HEADER
public static final String SEC_FETCH_MODE_HEADER
- See Also:
- Constant Field Values
-
SEC_FETCH_DEST_HEADER
public static final String SEC_FETCH_DEST_HEADER
- See Also:
- Constant Field Values
-
SAME_ORIGIN
public static final String SAME_ORIGIN
- See Also:
- Constant Field Values
-
SAME_SITE
public static final String SAME_SITE
- See Also:
- Constant Field Values
-
NONE
public static final String NONE
- See Also:
- Constant Field Values
-
MODE_NAVIGATE
public static final String MODE_NAVIGATE
- See Also:
- Constant Field Values
-
MODE_NO_CORS
public static final String MODE_NO_CORS
- See Also:
- Constant Field Values
-
DEST_OBJECT
public static final String DEST_OBJECT
- See Also:
- Constant Field Values
-
DEST_EMBED
public static final String DEST_EMBED
- See Also:
- Constant Field Values
-
CROSS_SITE
public static final String CROSS_SITE
- See Also:
- Constant Field Values
-
CORS
public static final String CORS
- See Also:
- Constant Field Values
-
DEST_DOCUMENT
public static final String DEST_DOCUMENT
- See Also:
- Constant Field Values
-
DEST_SCRIPT
public static final String DEST_SCRIPT
- See Also:
- Constant Field Values
-
DEST_IMAGE
public static final String DEST_IMAGE
- See Also:
- Constant Field Values
-
VARY_HEADER
public static final String VARY_HEADER
- See Also:
- Constant Field Values
-
-
Constructor Detail
-
FetchMetadataResourceIsolationPolicy
public FetchMetadataResourceIsolationPolicy()
-
-
Method Detail
-
isRequestAllowed
public IResourceIsolationPolicy.ResourceIsolationOutcome isRequestAllowed(javax.servlet.http.HttpServletRequest request, IRequestablePage targetPage)
Description copied from interface:IResourceIsolationPolicyIs the given request allowed.- Specified by:
isRequestAllowedin interfaceIResourceIsolationPolicy- Parameters:
request- requesttargetPage- targeted page- Returns:
- outcome, must not be
null
-
setHeaders
public void setHeaders(javax.servlet.http.HttpServletResponse response)
Set vary headers to avoid caching responses processed by Fetch Metadata.Caching these responses may return 403 responses to legitimate requests defeat the protection.
- Specified by:
setHeadersin interfaceIResourceIsolationPolicy
-
-