Class ContentSecurityPolicy

java.lang.Object
org.deltava.beans.system.ContentSecurityPolicy
public class ContentSecurityPolicy extends Object
A bean to store dynamic Content Security Policy data.
Since:
12.0
Version:
12.4
Author:
Luke

  • Field Details

  • Constructor Details

    • ContentSecurityPolicy

      public ContentSecurityPolicy(boolean enforce, String nonce)
      Creates the bean and populates default values.
      Parameters:
      enforce - TRUE if the CSP is enforced, otherwise FALSE for warn-only mode
      nonce - a nonce for inline script/style elements

  • Method Details

    • add

      public void add(ContentSecurity cs, String host)
      Adds an entry to this Security Policy.
      Parameters:
      cs - a ContentSecurity type
      host - a permitted host

    • setReportURI

      public void setReportURI(String group, String url)
      Updates a Reporting API endpoint for this Security Policy.
      Parameters:
      group - the group name
      url - the endpoint URL

    • hasReportURI

      public boolean hasReportURI()
      Returns whether a Reporting API endpoint has been defined for this Security Policy.
      Returns:
      TRUE if a URI has been defined, otherwise FALSE

    • getHeader

      public String getHeader()
      Returns the name of the CSP response header, which varies depending on enfrocement mode.
      Returns:
      the header name

    • getNonce

      public String getNonce()
      Returns the nonce used for inline script/style blocks.
      Returns:
      the nonce, or null if none

    • getReportHeader

      public String getReportHeader()
      Generates the value to place into Reporting API header.
      Returns:
      the Header value

    • getData

      public String getData()
      Generates the value to place into the Security Plicy HTTP header.
      Returns:
      the Header value