@Filter(value="${micronaut.views.csp.filter-path:/**}")
public class CspFilter
extends java.lang.Object
implements io.micronaut.http.filter.HttpServerFilter
Provides support for Content Security Policy (CSP) Level 2.
Content Security Policy is a mechanism web applications can use to mitigate a broad class of content injection vulnerabilities, such as cross-site scripting (XSS). It is a declarative policy that lets the authors (or server administrators) of a web application inform the client about the sources from which the application expects to load resources.
To mitigate XSS attacks, for example, a web application can declare that it only expects to load scripts from specific, trusted sources. This declaration allows the client to detect and block malicious scripts injected into the application by an attacker.
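An added example (not Micronaut's code and not part of the original Javadoc) of the mechanism described above: it builds a policy that allows scripts only from the application's own origin or carrying a per-response nonce, and emits it under either the enforcing or the report-only header. The class name, `newNonce`, `cspHeader` and the `{nonce}` placeholder are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;

/** Added illustration; not the CspFilter source. */
public class CspHeaderExample {
    // Standard header names defined by the CSP specification.
    static final String ENFORCE = "Content-Security-Policy";
    static final String REPORT_ONLY = "Content-Security-Policy-Report-Only";
    // Hypothetical placeholder for this example; the value of NONCE_TOKEN is not shown on this page.
    static final String NONCE_PLACEHOLDER = "{nonce}";

    private static final SecureRandom RANDOM = new SecureRandom();

    /** Fresh 128-bit nonce per response; a reused or guessable nonce defeats the policy. */
    static String newNonce() {
        byte[] bytes = new byte[16];
        RANDOM.nextBytes(bytes);
        return Base64.getEncoder().encodeToString(bytes);
    }

    /** Returns the single header (name and value) to set on the response. */
    static Map.Entry<String, String> cspHeader(String directives, boolean reportOnly, String nonce) {
        if (directives == null || directives.isBlank()) {
            throw new IllegalArgumentException("an empty policy would enforce nothing");
        }
        // Reject line breaks so a misconfigured policy cannot split the response header.
        if (directives.indexOf('\r') >= 0 || directives.indexOf('\n') >= 0) {
            throw new IllegalArgumentException("policy must not contain CR or LF");
        }
        String value = directives.replace(NONCE_PLACEHOLDER, nonce);
        return Map.entry(reportOnly ? REPORT_ONLY : ENFORCE, value);
    }

    public static void main(String[] args) {
        // Constructed sample policy: scripts only from 'self' or tagged with this response's nonce.
        String policy = "default-src 'self'; script-src 'self' 'nonce-" + NONCE_PLACEHOLDER
                + "'; object-src 'none'";
        String nonce = newNonce();
        Map.Entry<String, String> enforced = cspHeader(policy, false, nonce);
        Map.Entry<String, String> monitored = cspHeader(policy, true, nonce);
        System.out.println(enforced.getKey() + ": " + enforced.getValue());
        System.out.println(monitored.getKey() + ": " + monitored.getValue());
        // The same nonce must be rendered into the page, or the browser blocks the inline script.
        System.out.println("<script nonce=\"" + nonce + "\">/* allowed inline code */</script>");
    }
}
```

Under the report-only header the browser reports violations without blocking them, which makes it suitable for trialling a policy before enforcing it.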
This implementation of HttpServerFilter writes one of the following HTTP headers:
Modifier and Type | Field and Description |
---|---|
static java.lang.String | CSP_HEADER |
static java.lang.String | CSP_REPORT_ONLY_HEADER |
protected CspConfiguration | cspConfiguration |
static java.lang.String | NONCE_PROPERTY |
static java.lang.String | NONCE_TOKEN |

Constructor and Description |
---|
CspFilter(CspConfiguration cspConfiguration) |

Modifier and Type | Method and Description |
---|---|
org.reactivestreams.Publisher<io.micronaut.http.MutableHttpResponse<?>> | doFilter(io.micronaut.http.HttpRequest<?> request, io.micronaut.http.filter.ServerFilterChain chain) |
public static final java.lang.String CSP_HEADER
public static final java.lang.String CSP_REPORT_ONLY_HEADER
public static final java.lang.String NONCE_PROPERTY
public static final java.lang.String NONCE_TOKEN
protected final CspConfiguration cspConfiguration
public CspFilter(CspConfiguration cspConfiguration)
cspConfiguration - The CspConfiguration instance