CSPHeaderConfiguration |
CSPHeaderConfiguration.add(CSPDirective directive,
String... values) |
Adds a free-form value to a directive for the CSP header.
|
CSPHeaderConfiguration |
CSPHeaderConfiguration.add(CSPDirective directive,
CSPRenderable... values) |
Adds the given values to the CSP directive on this configuration.
|
CSPHeaderConfiguration |
ContentSecurityPolicySettings.blocking() |
|
CSPHeaderConfiguration |
CSPHeaderConfiguration.clear() |
Removes all CSP directives from the configuration.
|
CSPHeaderConfiguration |
CSPHeaderConfiguration.disabled() |
Removes all directives from the CSP, returning an empty configuration.
|
CSPHeaderConfiguration |
CSPHeaderConfiguration.remove(CSPDirective directive) |
Removes the given directive from the configuration.
|
CSPHeaderConfiguration |
CSPHeaderConfiguration.reportBack() |
Configures the CSP to report violations back to the application.
|
CSPHeaderConfiguration |
CSPHeaderConfiguration.reportBackAt(String mountPath) |
Configures the CSP to report violations at the specified relative URI.
|
CSPHeaderConfiguration |
ContentSecurityPolicySettings.reporting() |
|
CSPHeaderConfiguration |
CSPHeaderConfiguration.setAddLegacyHeaders(boolean addLegacyHeaders) |
Enable legacy X-Content-Security-Policy headers for older browsers, such as IE.
|
CSPHeaderConfiguration |
CSPHeaderConfiguration.strict() |
Builds a strict, very secure CSP configuration with the following directives:
default-src 'none'; script-src 'strict-dynamic' 'nonce-XYZ';
style-src 'nonce-XYZ'; img-src 'self'; connect-src 'self';
font-src 'self'; manifest-src 'self'; child-src 'self';
frame-src 'self'; base-uri 'self'.
|
CSPHeaderConfiguration |
CSPHeaderConfiguration.unsafeInline() |
Builds a CSP configuration with the following directives: default-src 'none';
script-src 'self' 'unsafe-inline' 'unsafe-eval';
style-src 'self' 'unsafe-inline'; img-src 'self'; connect-src 'self';
font-src 'self'; manifest-src 'self'; child-src 'self';
frame-src 'self'; base-uri 'self'.
|