Class CspFilter
- All Implemented Interfaces: io.micronaut.core.order.Ordered, io.micronaut.http.filter.HttpFilter, io.micronaut.http.filter.HttpServerFilter
Provides support for Content Security Policy (CSP) Level 2.
Content Security Policy is a mechanism web applications can use to mitigate a broad class of content injection vulnerabilities, such as cross-site scripting (XSS). It is a declarative policy that lets the authors (or server administrators) of a web application inform the client about the sources from which the application expects to load resources.
To mitigate XSS attacks, for example, a web application can declare that it only expects to load scripts from specific, trusted sources. This declaration allows the client to detect and block malicious scripts injected into the application by an attacker.
This implementation of HttpServerFilter writes one of the following HTTP headers:
- Content-Security-Policy
- Content-Security-Policy-Report-Only
- Since: 1.1.0
- Author: Arul Dhesiaseelan
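
One way to check, in a test or a scan, which of the two headers a response carries and whether its script sources are actually restricted. This is an added example in plain Java, not Micronaut code; the names CspHeaderAudit, parse and audit and the sample policies are assumptions made for illustration.

```java
import java.util.*;

public class CspHeaderAudit {
    static final String ENFORCE = "Content-Security-Policy";
    static final String REPORT_ONLY = "Content-Security-Policy-Report-Only";

    /** Splits a policy string into directive name -> source list. */
    static Map<String, List<String>> parse(String policy) {
        Map<String, List<String>> directives = new LinkedHashMap<>();
        for (String part : policy.split(";")) {
            String[] tokens = part.trim().split("\\s+");
            if (tokens[0].isEmpty()) continue;
            // CSP keeps the first occurrence of a directive and ignores repeats.
            directives.putIfAbsent(tokens[0].toLowerCase(Locale.ROOT),
                    Arrays.asList(tokens).subList(1, tokens.length));
        }
        return directives;
    }

    /** Findings for one response; assumes header names are already normalized to the constants above. */
    static List<String> audit(Map<String, String> headers) {
        List<String> findings = new ArrayList<>();
        String policy = headers.get(ENFORCE);
        if (policy == null) {
            policy = headers.get(REPORT_ONLY);
            if (policy == null) return List.of("no CSP header present");
            findings.add("report-only: violations are reported, not blocked");
        }
        Map<String, List<String>> d = parse(policy);
        // script-src falls back to default-src when it is absent.
        List<String> scripts = d.getOrDefault("script-src", d.get("default-src"));
        if (scripts == null) {
            findings.add("no script-src or default-src: scripts are unrestricted");
            return findings;
        }
        boolean nonceOrHash = scripts.stream().anyMatch(s -> s.matches("(?i)'(nonce|sha\\d+)-.*"));
        for (String s : scripts) {
            if (s.equals("*")) findings.add("script-src allows any host (*)");
            if (s.equalsIgnoreCase("'unsafe-eval'")) findings.add("script-src allows 'unsafe-eval'");
            // In CSP Level 2 a nonce or hash source makes the browser ignore 'unsafe-inline'.
            if (s.equalsIgnoreCase("'unsafe-inline'") && !nonceOrHash) findings.add("script-src allows 'unsafe-inline'");
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample responses, not captured from a real application.
        System.out.println(audit(Map.of(ENFORCE, "default-src 'self'; script-src 'self' 'nonce-abc123'")));
        System.out.println(audit(Map.of(REPORT_ONLY, "default-src 'self'; script-src * 'unsafe-inline'")));
    }
}
```

The first sample yields no findings; the second is flagged as report-only, as allowing any host, and as allowing inline scripts.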
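Field Summary
| Modifier and Type | Field | Description |
|---|---|---|
| static final String | CSP_HEADER | |
| static final String | CSP_REPORT_ONLY_HEADER | |
| protected final CspConfiguration | cspConfiguration | |
| static final String | NONCE_PROPERTY | |
| static final String | NONCE_TOKEN | |

Fields inherited from interface io.micronaut.core.order.Ordered: HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE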
Constructor Summary
Method Summary
| Modifier and Type | Method | Description |
|---|---|---|
| org.reactivestreams.Publisher<io.micronaut.http.MutableHttpResponse<?>> | doFilter(io.micronaut.http.HttpRequest<?> request, io.micronaut.http.filter.ServerFilterChain chain) | |

Methods inherited from class java.lang.Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface io.micronaut.http.filter.HttpServerFilter: doFilter
Methods inherited from interface io.micronaut.core.order.Ordered: getOrder
Field Details
CSP_HEADER
- See Also:
CSP_REPORT_ONLY_HEADER
- See Also:
NONCE_PROPERTY
- See Also:
NONCE_TOKEN
- See Also:
cspConfiguration
Constructor Details
CspFilter
- Parameters: cspConfiguration - The CspConfiguration instance
Method Details
doFilter
public org.reactivestreams.Publisher<io.micronaut.http.MutableHttpResponse<?>> doFilter(io.micronaut.http.HttpRequest<?> request, io.micronaut.http.filter.ServerFilterChain chain)
- Specified by: doFilter in interface io.micronaut.http.filter.HttpServerFilter