io.micronaut.views.csp.CspFilter

All Implemented Interfaces:: io.micronaut.core.order.Ordered, io.micronaut.http.filter.HttpFilter, io.micronaut.http.filter.HttpServerFilter

@Filter("${micronaut.views.csp.filter-path:/**}") @Requires(classes=io.micronaut.http.HttpRequest.class) public class CspFilter extends Object implements io.micronaut.http.filter.HttpServerFilter

Provides support for Content Security Policy (CSP) Level 2.

Content Security Policy, a mechanism web applications can use to mitigate a broad class of content injection vulnerabilities, such as cross-site scripting (XSS). Content Security Policy is a declarative policy that lets the authors (or server administrators) if a web application inform the client about the sources from which the application expects to load resources.

To mitigate XSS attacks, for example, a web application can declare that it only expects to load scripts from specific, trusted sources. This declaration allows the client to detect and block malicious scripts injected into the application by an attacker.

This implementation of HttpServerFilter writes one of the following HTTP headers:

Content-Security-Policy
Content-Security-Policy-Report-Only

Since:: 1.1.0
Author:: Arul Dhesiaseelan

Field Summary

Fields

Modifier and Type

Field

Description

static final String

CSP_HEADER

static final String

CSP_REPORT_ONLY_HEADER

protected final CspConfiguration

cspConfiguration

static final String

NONCE_PROPERTY

static final String

NONCE_TOKEN

Fields inherited from interface io.micronaut.core.order.Ordered
HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE
Constructor Summary

Constructors

Constructor

Description

CspFilter(CspConfiguration cspConfiguration)
Method Summary

Modifier and Type

Method

Description

org.reactivestreams.Publisher<io.micronaut.http.MutableHttpResponse<?>>

doFilter(io.micronaut.http.HttpRequest<?> request, io.micronaut.http.filter.ServerFilterChain chain)

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface io.micronaut.http.filter.HttpServerFilter
doFilter

Methods inherited from interface io.micronaut.core.order.Ordered
getOrder

Field Details
- CSP_HEADER
  
  public static final String CSP_HEADER
  See Also:
  
  Constant Field Values
- CSP_REPORT_ONLY_HEADER
  
  public static final String CSP_REPORT_ONLY_HEADER
  See Also:
  
  Constant Field Values
- NONCE_PROPERTY
  
  public static final String NONCE_PROPERTY
  See Also:
  
  Constant Field Values
- NONCE_TOKEN
  
  public static final String NONCE_TOKEN
  See Also:
  
  Constant Field Values
- cspConfiguration
  
  protected final CspConfiguration cspConfiguration
Constructor Details
- CspFilter
  
  public CspFilter(CspConfiguration cspConfiguration)
  
  Parameters:
  
  cspConfiguration - The CspConfiguration instance
Method Details
- doFilter
  
  public org.reactivestreams.Publisher<io.micronaut.http.MutableHttpResponse<?>> doFilter(io.micronaut.http.HttpRequest<?> request, io.micronaut.http.filter.ServerFilterChain chain)
  
  Specified by:
  
  doFilter in interface io.micronaut.http.filter.HttpServerFilter

Class CspFilter

Field Summary

Fields inherited from interface io.micronaut.core.order.Ordered

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Methods inherited from interface io.micronaut.http.filter.HttpServerFilter

Methods inherited from interface io.micronaut.core.order.Ordered

Field Details

CSP_HEADER

CSP_REPORT_ONLY_HEADER

NONCE_PROPERTY

NONCE_TOKEN

cspConfiguration

Constructor Details

CspFilter

Method Details

doFilter