/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.wicket.coep;

import org.apache.wicket.Application;
import org.apache.wicket.protocol.http.WebApplication;
import org.apache.wicket.util.lang.Args;

import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

/**
 * Configuration of the Cross-Origin Embedder Policy (COEP) used by
 * {@link CrossOriginEmbedderPolicyRequestCycleListener}. It carries one of three modes
 * ({@code REPORTING}, {@code ENFORCING}, {@code DISABLED}) and the set of paths that are exempt
 * from COEP. The object lives in {@link org.apache.wicket.settings.SecuritySettings}; an
 * application declares its COEP preferences in its {@link WebApplication#init()} method:
 *
 * <pre>
 * &#064;Override
 * protected void init()
 * {
 * 	// ...
 * 	getSecuritySettings().setCrossOriginEmbedderPolicyConfiguration(CoepMode.REPORTING,
 * 		"EXEMPTED PATHS");
 * 	// ...
 * }
 * </pre>
 *
 * The configuration is read once at startup in {@link Application#initApplication()}; changing
 * it at runtime has no effect on the COEP headers that are set.
 * <p>
 * Security notes for reviewers:
 * <ul>
 * <li>{@link CoepMode#REPORTING} selects the {@code -Report-Only} header, which asks browsers to
 * report violations without blocking anything. Only {@link CoepMode#ENFORCING} enforces the
 * policy.</li>
 * <li>Every exempted path is a path to which COEP is not applied, so the exemption list should
 * stay as small as possible. How a request is matched against these strings is decided by the
 * listener and is not visible in this class.</li>
 * </ul>
 *
 * @author Santiago Diaz
 * @author Ecenaz Jen Ozmen
 *
 * @see CrossOriginEmbedderPolicyRequestCycleListener
 * @see org.apache.wicket.settings.SecuritySettings
 */
public class CrossOriginEmbedderPolicyConfiguration
{
	/**
	 * Operating mode of the policy; each constant carries the name of the response header it
	 * stands for.
	 */
	public enum CoepMode
	{
		/** The policy is enforced through the {@code Cross-Origin-Embedder-Policy} header. */
		ENFORCING("Cross-Origin-Embedder-Policy"),

		/**
		 * The policy is only reported on, through the
		 * {@code Cross-Origin-Embedder-Policy-Report-Only} header.
		 */
		REPORTING("Cross-Origin-Embedder-Policy-Report-Only"),

		/** No policy; the header name is the empty string. */
		DISABLED("");

		/** Name of the response header for this mode; empty for {@link #DISABLED}. */
		final String header;

		CoepMode(String headerName)
		{
			this.header = headerName;
		}
	}

	// Paths exempt from COEP. The set is mutable and is handed out as-is by getExemptions().
	private final Set<String> exemptions = new HashSet<>();

	// Never null: both constructors pass the value through Args.notNull.
	private final CoepMode mode;

	/**
	 * Creates a configuration with the given mode and an initial set of exempted paths.
	 *
	 * @param mode
	 *            the policy mode, validated with {@code Args.notNull}
	 * @param exemptions
	 *            paths that are exempt from COEP; duplicates collapse because they are stored
	 *            in a set
	 */
	public CrossOriginEmbedderPolicyConfiguration(CoepMode mode, String... exemptions)
	{
		// The paths are copied before the mode is validated; the order is kept deliberately so
		// that the failure seen by a caller passing bad arguments does not change.
		this.exemptions.addAll(Arrays.asList(exemptions));
		this.mode = Args.notNull(mode, "mode");
	}

	/**
	 * Creates a configuration with the given mode and no exempted paths.
	 *
	 * @param mode
	 *            the policy mode, validated with {@code Args.notNull}
	 */
	public CrossOriginEmbedderPolicyConfiguration(CoepMode mode)
	{
		this(mode, new String[0]);
	}

	/**
	 * Returns the exempted paths.
	 * <p>
	 * The returned object is the backing set itself, not a copy or a read-only view: a caller
	 * that adds to or removes from it changes this configuration, and with it the set of paths
	 * for which COEP is skipped. Treat it as read-only unless that is the intent.
	 *
	 * @return the live set of exempted paths, never {@code null}
	 */
	public Set<String> getExemptions()
	{
		return exemptions;
	}

	/**
	 * @return the configured mode, never {@code null}
	 */
	public CoepMode getMode()
	{
		return mode;
	}

	/**
	 * Returns the name of the response header that belongs to the configured mode.
	 *
	 * @return the header name; the empty string when the mode is {@link CoepMode#DISABLED}, so
	 *         check {@link #isEnabled()} before using it as a header name
	 */
	public String getCoepHeader()
	{
		return mode.header;
	}

	/**
	 * Adds one path to the exemptions.
	 *
	 * @param path
	 *            the path to exempt from COEP; it is stored as given, without validation or
	 *            normalization
	 * @return this configuration, for chaining
	 */
	public CrossOriginEmbedderPolicyConfiguration addExemptedPath(String path)
	{
		exemptions.add(path);
		return this;
	}

	/**
	 * Tells whether a COEP header is configured at all.
	 *
	 * @return {@code true} for {@link CoepMode#ENFORCING} and {@link CoepMode#REPORTING},
	 *         {@code false} for {@link CoepMode#DISABLED}. A {@code true} result does not mean
	 *         the policy is enforced; use {@link #getMode()} to tell the two apart.
	 */
	public boolean isEnabled()
	{
		return mode != CoepMode.DISABLED;
	}
}