CspConfiguration (views 1.3.2 API)

java.lang.Object
- io.micronaut.views.csp.CspConfiguration

All Implemented Interfaces:: io.micronaut.core.util.Toggleable

@ConfigurationProperties(value="micronaut.views.csp")
public class CspConfiguration
extends java.lang.Object
implements io.micronaut.core.util.Toggleable

Defines CSP configuration properties.

Since:: 1.1
Author:: Arul Dhesiaseelan

Field Summary

Fields
Modifier and Type	Field and Description
`static java.util.Base64.Encoder`	`BASE64_ENCODER` Default Base64 encoder.
`static boolean`	`DEFAULT_ENABLE_NONCE`
`static boolean`	`DEFAULT_ENABLED`
`static java.lang.String`	`DEFAULT_FILTER_PATH`
`static boolean`	`DEFAULT_FORCE_SECURE_RANDOM`
`static boolean`	`DEFAULT_REPORT_ONLY`
`static java.lang.String`	`FILTER_PATH` The path for endpoints settings.
`static int`	`NONCE_LENGTH` Length of generated CSP nonce values.
`static java.lang.String`	`PREFIX` The prefix for csp configuration.

Constructor Summary

Constructors
Constructor and Description

CspConfiguration()

Constructors
Constructor and Description
`CspConfiguration()`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`java.lang.String`	`generateNonce()` Generate a nonce value for use in a Content-Security-Policy header, which is usable for one request/response cycle.
`java.lang.String`	`getFilterPath()`
`java.util.Optional<java.lang.String>`	`getPolicyDirectives()`
`java.util.Random`	`getRandomEngine()`
`boolean`	`isEnabled()`
`boolean`	`isForceSecureRandomEnabled()`
`boolean`	`isNonceEnabled()`
`boolean`	`isReportOnly()`
`void`	`setEnabled(boolean enabled)` Sets whether CSP is enabled.
`void`	`setFilterPath(java.lang.String filterPath)` Sets the path the CSP filter should apply to.
`void`	`setForceSecureRandom(boolean forceSecureRandom)` Sets whether `SecureRandom` is forced for use in generated nonce values.
`void`	`setGenerateNonce(boolean generateNonce)` If true, the CSP header will contain a generated nonce that is made available to view renderers.
`void`	`setPolicyDirectives(java.lang.String policyDirectives)` Sets the policy directives.
`void`	`setRandomEngine(java.util.Random randomEngine)` Sets the `Random` data engine used to generate nonce values.
`void`	`setReportOnly(boolean reportOnly)` If true, the Content-Security-Policy-Report-Only header will be sent instead of Content-Security-Policy.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - NONCE_LENGTH
```
public static final int NONCE_LENGTH
```
    Length of generated CSP nonce values. Must be a multiple of 8.
    
    See Also:
    
    Constant Field Values
  - BASE64_ENCODER
```
public static final java.util.Base64.Encoder BASE64_ENCODER
```
    Default Base64 encoder.
  - PREFIX
```
public static final java.lang.String PREFIX
```
    The prefix for csp configuration.
    
    See Also:
    
    Constant Field Values
  - FILTER_PATH
```
public static final java.lang.String FILTER_PATH
```
    The path for endpoints settings.
    
    See Also:
    
    Constant Field Values
  - DEFAULT_ENABLED
```
public static final boolean DEFAULT_ENABLED
```
    See Also:
    
    Constant Field Values
  - DEFAULT_REPORT_ONLY
```
public static final boolean DEFAULT_REPORT_ONLY
```
    See Also:
    
    Constant Field Values
  - DEFAULT_ENABLE_NONCE
```
public static final boolean DEFAULT_ENABLE_NONCE
```
    See Also:
    
    Constant Field Values
  - DEFAULT_FORCE_SECURE_RANDOM
```
public static final boolean DEFAULT_FORCE_SECURE_RANDOM
```
    See Also:
    
    Constant Field Values
  - DEFAULT_FILTER_PATH
```
public static final java.lang.String DEFAULT_FILTER_PATH
```
    See Also:
    
    Constant Field Values
- Constructor Detail
  - CspConfiguration
```
public CspConfiguration()
```
- Method Detail
  - isEnabled
```
public boolean isEnabled()
```
    Specified by:
    
    isEnabled in interface io.micronaut.core.util.Toggleable
    
    Returns:
    
    Whether csp headers will be sent
  - getPolicyDirectives
```
public java.util.Optional<java.lang.String> getPolicyDirectives()
```
    Returns:
    
    The policy directives
  - isReportOnly
```
public boolean isReportOnly()
```
    Returns:
    
    Whether the report only header should be set
  - isNonceEnabled
```
public boolean isNonceEnabled()
```
    Returns:
    
    Whether nonce generation is enabled for each request/response cycle
  - isForceSecureRandomEnabled
```
public boolean isForceSecureRandomEnabled()
```
    Returns:
    
    Whether use of SecureRandom is forced for nonce generation.
  - getRandomEngine
```
public java.util.Random getRandomEngine()
```
    Returns:
    
    Random data engine currently in use to generate nonce values.
  - setEnabled
```
public void setEnabled(boolean enabled)
```
    Sets whether CSP is enabled. Default false.
    
    Parameters:
    
    enabled - True if CSP is enabled
  - setPolicyDirectives
```
public void setPolicyDirectives(@Nullable
                                java.lang.String policyDirectives)
```
    Sets the policy directives.
    
    Parameters:
    
    policyDirectives - CSP policy directives
  - setReportOnly
```
public void setReportOnly(boolean reportOnly)
```
    If true, the Content-Security-Policy-Report-Only header will be sent instead of Content-Security-Policy. Default false.
    
    Parameters:
    
    reportOnly - set to true for reporting purpose only
  - setGenerateNonce
```
public void setGenerateNonce(boolean generateNonce)
```
    If true, the CSP header will contain a generated nonce that is made available to view renderers. The nonce should change for each request/response cycle and can be used by views to authorize inlined script blocks.
    
    Parameters:
    
    generateNonce - set to true to enable generation of nonces
  - setForceSecureRandom
```
public void setForceSecureRandom(boolean forceSecureRandom)
```
    Sets whether `SecureRandom` is forced for use in generated nonce values. Defaults to `false`. Enabling this requires careful consideration, because `SecureRandom` will block infinitely without enough entropy.
    
    Parameters:
    
    forceSecureRandom - set to true to force SecureRandom use for nonce values.
  - setRandomEngine
```
public void setRandomEngine(java.util.Random randomEngine)
```
    Sets the `Random` data engine used to generate nonce values. Ignored if `forceSecureRandom` is set to `true`.
    
    Parameters:
    
    randomEngine - Random data engine to use.
  - getFilterPath
```
public java.lang.String getFilterPath()
```
    Returns:
    
    The path the CSP filter should apply to
  - setFilterPath
```
public void setFilterPath(java.lang.String filterPath)
```
    Sets the path the CSP filter should apply to. Default value "/**".
    
    Parameters:
    
    filterPath - The filter path
  - generateNonce
```
public java.lang.String generateNonce()
```
    Generate a nonce value for use in a Content-Security-Policy header, which is usable for one request/response cycle. A good guide for generating nonce values: https://csp.withgoogle.com/docs/faq.html#generating-nonces
    
    Returns:
    
    Base64-encoded random nonce value.

Class CspConfiguration

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

NONCE_LENGTH

BASE64_ENCODER

PREFIX

FILTER_PATH

DEFAULT_ENABLED

DEFAULT_REPORT_ONLY

DEFAULT_ENABLE_NONCE

DEFAULT_FORCE_SECURE_RANDOM

DEFAULT_FILTER_PATH

Constructor Detail

CspConfiguration

Method Detail

isEnabled

getPolicyDirectives

isReportOnly

isNonceEnabled

isForceSecureRandomEnabled

getRandomEngine

setEnabled

setPolicyDirectives

setReportOnly

setGenerateNonce

setForceSecureRandom

setRandomEngine

getFilterPath

setFilterPath

generateNonce