Class DefaultCspSettings
java.lang.Object
org.apache.struts2.interceptor.csp.DefaultCspSettings
All Implemented Interfaces: CspSettings
Default implementation of CspSettings.
The default policy implements strict CSP with a nonce-based approach and follows the guide:
https://csp.withgoogle.com/docs/index.html/
You may extend or replace this class if you wish to customize the default policy further, and use your class by setting the CspInterceptor defaultCspSettingsClassName parameter. Actions that implement the CspSettingsAware interface will ignore the defaultCspSettingsClassName parameter.
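One way to customize the default policy by extension, as described above. This is an added example, not code from Struts: the package name, class name and extra directives are assumptions, and it assumes the string returned by createPolicyFormat is the policy text that addCspHeaders sends in the header.

```java
package com.example.security; // hypothetical package name

import jakarta.servlet.http.HttpServletRequest;
import org.apache.struts2.interceptor.csp.DefaultCspSettings;

/**
 * Added example, not Struts code: keeps the inherited strict, nonce-based
 * policy untouched and appends further directives to it.
 *
 * Wiring: set the CspInterceptor parameter defaultCspSettingsClassName to
 * com.example.security.HardenedCspSettings. Actions implementing
 * CspSettingsAware ignore that parameter.
 */
public class HardenedCspSettings extends DefaultCspSettings {

    // Constructed directives. They contain no '%' character, so the result
    // stays valid even if a caller treats the policy as a format string.
    private static final String[] EXTRA_DIRECTIVES = {
        "form-action 'self'",
        "frame-ancestors 'none'"
    };

    /**
     * Assumption: the superclass return value is the policy text written to
     * the response. The script-src part is left as inherited so the nonce
     * and 'strict-dynamic' handling of the default policy is not weakened.
     */
    @Override
    protected String createPolicyFormat(HttpServletRequest request) {
        StringBuilder policy =
            new StringBuilder(super.createPolicyFormat(request).trim());
        for (String directive : EXTRA_DIRECTIVES) {
            // CSP directives are ';'-separated; add a separator only when
            // the text so far does not already end with one.
            if (policy.length() > 0 && policy.charAt(policy.length() - 1) != ';') {
                policy.append(';');
            }
            policy.append(' ').append(directive).append(';');
        }
        return policy.toString();
    }
}
```

Calling setEnforcingMode(false) keeps the extended policy in report-only mode, so violations can be collected before the policy is enforced.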
Field Summary
Fields inherited from interface org.apache.struts2.interceptor.csp.CspSettings:
BASE_URI, CSP_ENFORCE_HEADER, CSP_REPORT_HEADER, CSP_REPORT_TYPE, HTTP, HTTPS, NONCE_RANDOM_LENGTH, NONE, OBJECT_SRC, REPORT_TO, REPORT_URI, SCRIPT_SRC, STRICT_DYNAMIC
Constructor Summary
Constructors
Method Summary
Modifier and Type, Method, Description:
- void addCspHeaders(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
- protected String createPolicyFormat(jakarta.servlet.http.HttpServletRequest request)
- protected String getNonceString(jakarta.servlet.http.HttpServletRequest request)
- void setEnforcingMode(boolean enforcingMode): Sets CSP headers in enforcing mode when true, and report-only when false
- void setReportTo(String reportTo): Sets the report group where CSP violation reports will be sent
- void setReportUri(String reportUri): Sets the URI where CSP violation reports will be sent
- toString()
Field Details
- reportUri
- reportTo
- cspHeader
Constructor Details
- DefaultCspSettings
  public DefaultCspSettings()
Method Details
- addCspHeaders
  public void addCspHeaders(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
  Specified by: addCspHeaders in interface CspSettings
- createPolicyFormat
- getNonceString
- setEnforcingMode
  public void setEnforcingMode(boolean enforcingMode)
  Description copied from interface: CspSettings
  Sets CSP headers in enforcing mode when true, and report-only when false
  Specified by: setEnforcingMode in interface CspSettings
- setReportUri
  Description copied from interface: CspSettings
  Sets the URI where CSP violation reports will be sent
  Specified by: setReportUri in interface CspSettings
- setReportTo
  Description copied from interface: CspSettings
  Sets the report group where CSP violation reports will be sent
  Specified by: setReportTo in interface CspSettings
- toString