Class CspFilter

All Implemented Interfaces:
io.micronaut.core.order.Ordered, io.micronaut.http.filter.HttpFilter, io.micronaut.http.filter.HttpServerFilter

@Filter("${micronaut.views.csp.filter-path:/**}") @Requires(classes=io.micronaut.http.HttpRequest.class) public class CspFilter extends Object implements io.micronaut.http.filter.HttpServerFilter

Provides support for Content Security Policy (CSP) Level 2.

Content Security Policy, a mechanism web applications can use to mitigate a broad class of content injection vulnerabilities, such as cross-site scripting (XSS). Content Security Policy is a declarative policy that lets the authors (or server administrators) if a web application inform the client about the sources from which the application expects to load resources.

To mitigate XSS attacks, for example, a web application can declare that it only expects to load scripts from specific, trusted sources. This declaration allows the client to detect and block malicious scripts injected into the application by an attacker.

This implementation of HttpServerFilter writes one of the following HTTP headers:

  • Content-Security-Policy
  • Content-Security-Policy-Report-Only
Arul Dhesiaseelan
  • Field Details

  • Constructor Details

  • Method Details

    • doFilter

      public org.reactivestreams.Publisher<io.micronaut.http.MutableHttpResponse<?>> doFilter(io.micronaut.http.HttpRequest<?> request, io.micronaut.http.filter.ServerFilterChain chain)
      Specified by:
      doFilter in interface io.micronaut.http.filter.HttpServerFilter