Package org.apache.wicket.csp
Class ContentSecurityPolicySettings
java.lang.Object
org.apache.wicket.csp.ContentSecurityPolicySettings
Build the CSP configuration like this:
    myApplication.getCspSettings().blocking().clear()
        .add(CSPDirective.DEFAULT_SRC, CSPDirectiveSrcValue.NONE)
        .add(CSPDirective.SCRIPT_SRC, CSPDirectiveSrcValue.SELF)
        .add(CSPDirective.IMG_SRC, CSPDirectiveSrcValue.SELF)
        .add(CSPDirective.FONT_SRC, CSPDirectiveSrcValue.SELF);
    myApplication.getCspSettings().reporting().strict();
See CSPHeaderConfiguration for more details on specifying the configuration.
- Author:
- Sven Haster, Emond Papegaaij
-
Field Summary
-
Constructor Summary
-
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| | blocking() | |
| protected String | createNonce() | Create a new nonce. |
| void | enforce(WebApplication application) | Enforce CSP settings on an application. |
| | getConfiguration() | Returns the CSP configuration per CSPHeaderMode. |
| | getNonce(RequestCycle cycle) | |
| boolean | isEnabled() | Is CSP enabled. |
| final boolean | isNonceEnabled() | Returns true if any of the headers includes a directive with a nonce. |
| protected boolean | mustProtectRequest(IRequestHandler handler) | Should any request be protected by CSP. |
| | setNonceCreator(Supplier<String> nonceCreator) | Sets the creator of nonces. |
| | setProtectedFilter(Predicate<IRequestHandler> protectedFilter) | Sets the predicate that determines which requests must be protected by the CSP. |
-
Field Details
-
NONCE_KEY
-
-
Constructor Details
-
ContentSecurityPolicySettings
-
-
Method Details
-
blocking
-
reporting
-
setNonceCreator
Sets the creator of nonces.
- Parameters:
- nonceCreator - The new creator, must not be null.
- Returns:
- this for chaining.
-
setProtectedFilter
Sets the predicate that determines which requests must be protected by the CSP. When the predicate evaluates to false, the request will not be protected.
- Parameters:
- protectedFilter - The new filter, must not be null.
- Returns:
- this for chaining.
-
mustProtectRequest
Should any request be protected by CSP.
- Parameters:
- handler
- Returns:
- true by default for all RenderPageRequestHandlers
-
isNonceEnabled
Returns true if any of the headers includes a directive with a nonce.
- Returns:
- If a nonce is used in the CSP.
-
getNonce
-
createNonce
Create a new nonce.
- Returns:
- nonce
-
getConfiguration
Returns the CSP configuration per CSPHeaderMode.
- Returns:
- the CSP configuration per CSPHeaderMode.
-
enforce
Enforce CSP settings on an application.
- Parameters:
- application - application
-
isEnabled
Is CSP enabled.
-
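An added example, not taken from the Wicket documentation or code base, showing setNonceCreator and setProtectedFilter used together with a nonce-based blocking policy. The CspSetup class, its newNonce() and configure() methods and the exempt parameter are hypothetical names; the example assumes configure() is called from the application's init().

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Set;

import org.apache.wicket.core.request.handler.RenderPageRequestHandler;
import org.apache.wicket.csp.CSPDirective;
import org.apache.wicket.csp.CSPDirectiveSrcValue;
import org.apache.wicket.csp.ContentSecurityPolicySettings;
import org.apache.wicket.protocol.http.WebApplication;
import org.apache.wicket.request.component.IRequestablePage;

/** Hypothetical helper (not part of Wicket); call configure() from WebApplication#init(). */
public final class CspSetup {
    private static final SecureRandom RANDOM = new SecureRandom();

    private CspSetup() {
    }

    /** 128 bits from a CSPRNG, Base64-encoded so the result is a valid CSP nonce value. */
    static String newNonce() {
        byte[] raw = new byte[16];
        RANDOM.nextBytes(raw);
        return Base64.getEncoder().encodeToString(raw);
    }

    /** @param exempt page classes that deliberately get no CSP header (assumed, ideally empty) */
    public static void configure(WebApplication application,
            Set<Class<? extends IRequestablePage>> exempt) {
        ContentSecurityPolicySettings csp = application.getCspSettings();

        // Enforced policy: deny by default; scripts and styles must carry the nonce.
        // Using NONCE in any directive is what makes isNonceEnabled() return true.
        csp.blocking().clear()
            .add(CSPDirective.DEFAULT_SRC, CSPDirectiveSrcValue.NONE)
            .add(CSPDirective.SCRIPT_SRC, CSPDirectiveSrcValue.NONCE)
            .add(CSPDirective.STYLE_SRC, CSPDirectiveSrcValue.NONCE)
            .add(CSPDirective.IMG_SRC, CSPDirectiveSrcValue.SELF)
            .add(CSPDirective.FONT_SRC, CSPDirectiveSrcValue.SELF)
            .add(CSPDirective.CONNECT_SRC, CSPDirectiveSrcValue.SELF); // same-origin Ajax

        csp.setNonceCreator(CspSetup::newNonce)
            // A false result means the request is not protected by the CSP,
            // so protect every rendered page except the explicit exemptions.
            .setProtectedFilter(handler -> handler instanceof RenderPageRequestHandler
                && !exempt.contains(((RenderPageRequestHandler) handler).getPageClass()));
    }
}
```

Passing Set.of() as exempt keeps every rendered page protected; each class added to the set is a page served without the policy and should be reviewed as such.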