@Filter(value="${micronaut.views.csp.filter-path:/**}") public class CspFilter extends Object implements HttpServerFilter
Provides support for Content Security Policy (CSP) Level 2.
Content Security Policy is a mechanism web applications can use to mitigate a broad class of content injection vulnerabilities, such as cross-site scripting (XSS). It is a declarative policy that lets the authors (or server administrators) of a web application inform the client about the sources from which the application expects to load resources.
To mitigate XSS attacks, for example, a web application can declare that it only expects to load scripts from specific, trusted sources. This declaration allows the client to detect and block malicious scripts injected into the application by an attacker.
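The following stand-alone Java sketch is an added example, not Micronaut's code: it parses a policy string, picks the enforcing or report-only header name, and flags script sources that undo the XSS mitigation described above. The class name, method names and sample policies are hypothetical and constructed for illustration; only the two standard CSP header names are real.

```java
import java.util.*;

// Added example: plain Java, no Micronaut dependency. Names are hypothetical
// and are not part of the Micronaut API.
public class CspHeaderSketch {
    // Standard header names defined by the CSP specification.
    static final String ENFORCE = "Content-Security-Policy";
    static final String REPORT_ONLY = "Content-Security-Policy-Report-Only";

    // Parse "default-src 'self'; script-src 'self' https://cdn.example" into
    // directive name -> source list. A repeated directive is ignored by CSP,
    // so the first occurrence wins.
    static Map<String, List<String>> parse(String policy) {
        Map<String, List<String>> out = new LinkedHashMap<>();
        for (String part : policy.split(";")) {
            String[] tokens = part.trim().split("\\s+");
            if (tokens[0].isEmpty()) continue;
            out.putIfAbsent(tokens[0].toLowerCase(Locale.ROOT),
                    Arrays.asList(tokens).subList(1, tokens.length));
        }
        return out;
    }

    // Flag settings that leave injected scripts runnable despite the policy.
    static List<String> weaknesses(Map<String, List<String>> p) {
        List<String> found = new ArrayList<>();
        // script-src falls back to default-src when it is absent.
        List<String> scripts = p.getOrDefault("script-src", p.get("default-src"));
        if (scripts == null) {
            found.add("no script-src or default-src: scripts are unrestricted");
            return found;
        }
        for (String s : scripts) {
            if (s.equals("*") || s.equals("'unsafe-inline'") || s.equals("'unsafe-eval'"))
                found.add("script source " + s + " weakens XSS mitigation");
        }
        return found;
    }

    public static void main(String[] args) {
        String[] samples = {   // constructed sample policies
            "default-src 'self'; script-src 'self' https://cdn.example",
            "default-src *; script-src 'self' 'unsafe-inline'" };
        boolean reportOnly = false;   // true: violations are reported, not blocked
        for (String policy : samples) {
            System.out.println((reportOnly ? REPORT_ONLY : ENFORCE) + ": " + policy);
            weaknesses(parse(policy)).forEach(w -> System.out.println("  warning: " + w));
        }
    }
}
```

The first sample produces no warnings; the second is flagged for `'unsafe-inline'` in `script-src`.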
This implementation of HttpServerFilter writes one of the following HTTP headers:
Modifier and Type | Field and Description |
---|---|
static String | CSP_HEADER |
static String | CSP_REPORT_ONLY_HEADER |
protected CspConfiguration | cspConfiguration |
HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE
Constructor and Description |
---|
CspFilter(CspConfiguration cspConfiguration) |
Modifier and Type | Method and Description |
---|---|
Publisher<MutableHttpResponse<?>> | doFilter(HttpRequest<?> request, ServerFilterChain chain) Variation of the HttpServerFilter.doFilter(HttpRequest, FilterChain) method that accepts a ServerFilterChain, which allows mutating the outgoing HTTP response. |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
doFilter
public static final String CSP_HEADER
public static final String CSP_REPORT_ONLY_HEADER
protected final CspConfiguration cspConfiguration
public CspFilter(CspConfiguration cspConfiguration)
cspConfiguration - The CspConfiguration instance
public Publisher<MutableHttpResponse<?>> doFilter(HttpRequest<?> request, ServerFilterChain chain)
HttpServerFilter
Variation of the HttpServerFilter.doFilter(HttpRequest, FilterChain) method that accepts a ServerFilterChain, which allows mutating the outgoing HTTP response.
doFilter in interface HttpServerFilter
request - The request
chain - The chain
Publisher that emits a MutableHttpResponse
HttpServerFilter.doFilter(HttpRequest, FilterChain)