Class CspInterceptor
java.lang.Object
org.apache.struts2.interceptor.AbstractInterceptor
org.apache.struts2.interceptor.csp.CspInterceptor
All Implemented Interfaces:
Serializable, ConditionalInterceptor, Interceptor

Interceptor that implements Content Security Policy on incoming requests used to protect against common XSS and data injection attacks. Uses CspSettings to add appropriate Content Security Policy header to the response. These headers determine what the browser will consider a policy violation and the browser's behavior when a violation occurs. A detailed explanation of CSP can be found here.

Constructor Summary
Constructors

Method Summary
Modifier and Type, Method, Description
- intercept(ActionInvocation invocation): Override to handle interception
- void setCspSettingsClassName(String cspSettingsClassName): Sets the class name of the default CspSettings implementation to use when the action does not set its own values.
- void setEnforcingMode(boolean enforcingMode): Enables enforcing mode; by default all exceptions are only reported.
- void setPrependServletContext(boolean prependServletContext): Sets whether to prepend the servlet context path to the reportUri.
- void setReportTo(String reportTo): Sets the report group where CSP violation reports will be sent.
- void setReportUri(String reportUri)

Methods inherited from class org.apache.struts2.interceptor.AbstractInterceptor: destroy, init, setDisabled, shouldIntercept

Constructor Details

CspInterceptor
public CspInterceptor()

Method Details

intercept
Description copied from class: AbstractInterceptor
Override to handle interception
- Specified by: intercept in interface Interceptor
- Specified by: intercept in class AbstractInterceptor
- Parameters: invocation - the action invocation
- Returns: the return code, either returned from ActionInvocation.invoke(), or from the interceptor itself.
- Throws: Exception - any system-level error, as defined in Action.execute().

setReportUri

setReportTo
Sets the report group where CSP violation reports will be sent. This will only be used if the reportUri is set.
- Parameters: reportTo - the report group where CSP violation reports will be sent
- Since: Struts 6.5.0

setEnforcingMode
public void setEnforcingMode(boolean enforcingMode)
Enables enforcing mode; by default all exceptions are only reported.
- Parameters: enforcingMode - true to enable enforcing mode, false to keep reporting mode.

setPrependServletContext
public void setPrependServletContext(boolean prependServletContext)
Sets whether to prepend the servlet context path to the reportUri.
- Parameters: prependServletContext - true to prepend the location with the servlet context path, false otherwise.

setCspSettingsClassName
Sets the class name of the default CspSettings implementation to use when the action does not set its own values. If not set, the default is DefaultCspSettings.
- Since: Struts 6.5.0
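
How the setters documented above map to interceptor parameters in struts.xml, shown as an added example that is not part of the Struts documentation or code base. It assumes the application uses defaultStack and that this stack references the interceptor under the name csp; the action names and classes, result paths, the report path /csp-reports and the group name csp-endpoint are constructed for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE struts PUBLIC
    "-//Apache Software Foundation//DTD Struts Configuration 6.0//EN"
    "https://struts.apache.org/dtds/struts-6.0.dtd">
<struts>
  <!-- Assumption: defaultStack references CspInterceptor as "csp", so a param
       named "csp.<property>" is passed to the matching setter on this page. -->
  <package name="app" extends="struts-default">

    <!-- Reporting mode (the default): violations are sent to reportUri but the
         browser blocks nothing. Useful for rollout, not a protection by itself. -->
    <action name="dashboard" class="com.example.DashboardAction"> <!-- hypothetical action -->
      <interceptor-ref name="defaultStack">
        <param name="csp.enforcingMode">false</param>
        <!-- constructed path; the application must serve an endpoint here -->
        <param name="csp.reportUri">/csp-reports</param>
        <!-- true: the servlet context path is prepended to reportUri -->
        <param name="csp.prependServletContext">true</param>
      </interceptor-ref>
      <result>/WEB-INF/dashboard.jsp</result> <!-- hypothetical view -->
    </action>

    <!-- Enforcing mode: the policy is applied and violations are still reported. -->
    <action name="account" class="com.example.AccountAction"> <!-- hypothetical action -->
      <interceptor-ref name="defaultStack">
        <param name="csp.enforcingMode">true</param>
        <param name="csp.reportUri">/csp-reports</param>
        <!-- reportTo (since Struts 6.5.0) is only used when reportUri is set;
             the group name is constructed -->
        <param name="csp.reportTo">csp-endpoint</param>
        <param name="csp.prependServletContext">true</param>
        <!-- csp.cspSettingsClassName is left unset here, so DefaultCspSettings
             supplies the policy when the action does not set its own values -->
      </interceptor-ref>
      <result>/WEB-INF/account.jsp</result> <!-- hypothetical view -->
    </action>

  </package>
</struts>
```

Confirm the mode from the response headers: an enforcing policy is delivered as Content-Security-Policy, a reporting one as Content-Security-Policy-Report-Only.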