CspFilter (micronaut 1.1.4 API)

Skip navigation links

Prev Class
Next Class

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

java.lang.Object
- io.micronaut.views.csp.CspFilter

All Implemented Interfaces:

Ordered, HttpFilter, HttpServerFilter
```
@Filter(value="${micronaut.views.csp.filter-path:/**}")
public class CspFilter
extends Object
implements HttpServerFilter
```
Provides support for Content Security Policy (CSP) Level 2.

Content Security Policy, a mechanism web applications can use to mitigate a broad class of content injection vulnerabilities, such as cross-site scripting (XSS). Content Security Policy is a declarative policy that lets the authors (or server administrators) if a web application inform the client about the sources from which the application expects to load resources.

To mitigate XSS attacks, for example, a web application can declare that it only expects to load scripts from specific, trusted sources. This declaration allows the client to detect and block malicious scripts injected into the application by an attacker.

This implementation of HttpServerFilter writes one of the following HTTP headers:
- Content-Security-Policy
- Content-Security-Policy-Report-Only
Since:

1.1.0

Author:

Arul Dhesiaseelan

Field Summary

Fields
Modifier and Type Field and Description

static String CSP_HEADER

static String CSP_REPORT_ONLY_HEADER

protected CspConfiguration cspConfiguration
- Fields inherited from interface io.micronaut.core.order.Ordered
  HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE

Constructor Summary

Constructors
Constructor and Description

CspFilter(CspConfiguration cspConfiguration)

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`Publisher<MutableHttpResponse<?>>`	`doFilter(HttpRequest<?> request, ServerFilterChain chain)` Variation of the `HttpServerFilter.doFilter(HttpRequest, FilterChain)` method that accepts a `ServerFilterChain` which allows to mutate the outgoing HTTP response.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface io.micronaut.http.filter.HttpServerFilter
doFilter

Methods inherited from interface io.micronaut.core.order.Ordered
getOrder

- Field Detail
  - CSP_HEADER
```
public static final String CSP_HEADER
```
    See Also:
    
    Constant Field Values
  - CSP_REPORT_ONLY_HEADER
```
public static final String CSP_REPORT_ONLY_HEADER
```
    See Also:
    
    Constant Field Values
  - cspConfiguration
```
protected final CspConfiguration cspConfiguration
```
- Constructor Detail
  - CspFilter
```
public CspFilter(CspConfiguration cspConfiguration)
```
    Parameters:
    
    cspConfiguration - The CspConfiguration instance
- Method Detail
  - doFilter
```
public Publisher<MutableHttpResponse<?>> doFilter(HttpRequest<?> request,
                                                  ServerFilterChain chain)
```
    Description copied from interface: HttpServerFilter
    
    Variation of the HttpServerFilter.doFilter(HttpRequest, FilterChain) method that accepts a ServerFilterChain which allows to mutate the outgoing HTTP response.
    
    Specified by:
    
    doFilter in interface HttpServerFilter
    
    Parameters:
    
    request - The request
    
    chain - The chain
    
    Returns:
    
    A Publisher that emits a MutableHttpResponse
    
    See Also:
    
    HttpServerFilter.doFilter(HttpRequest, FilterChain)

Skip navigation links

Prev Class
Next Class

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method