Package io.micronaut.views.csp
Class CspConfiguration
java.lang.Object
io.micronaut.views.csp.CspConfiguration
- All Implemented Interfaces:
io.micronaut.core.util.Toggleable
@ConfigurationProperties("micronaut.views.csp")
public class CspConfiguration
extends Object
implements io.micronaut.core.util.Toggleable
Defines CSP configuration properties.
- Since:
- 1.1
- Author:
- Arul Dhesiaseelan
-
Field Summary
Modifier and TypeFieldDescriptionstatic final Base64.Encoder
Default Base64 encoder.static final boolean
static final boolean
static final String
static final boolean
static final boolean
static final String
The path for endpoints settings.static final int
Length of generated CSP nonce values.static final String
The prefix for csp configuration. -
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionGenerate a nonce value for use in a Content-Security-Policy header, which is usable for one request/response cycle.The path the CSP filter should apply to.Sets the policy directives.The `Random` data engine used to generate nonce values.boolean
boolean
boolean
boolean
If true, the Content-Security-Policy-Report-Only header will be sent instead of Content-Security-Policy.void
setEnabled
(boolean enabled) Sets whether CSP is enabled.void
setFilterPath
(String filterPath) Sets the path the CSP filter should apply to.void
setForceSecureRandom
(boolean forceSecureRandom) Sets whether `SecureRandom` is forced for use in generated nonce values.void
setGenerateNonce
(boolean generateNonce) If true, the CSP header will contain a generated nonce that is made available to view renderers.void
setPolicyDirectives
(@Nullable String policyDirectives) Sets the policy directives.void
setRandomEngine
(Random randomEngine) Sets the `Random` data engine used to generate nonce values.void
setReportOnly
(boolean reportOnly) If true, the Content-Security-Policy-Report-Only header will be sent instead of Content-Security-Policy.
-
Field Details
-
NONCE_LENGTH
public static final int NONCE_LENGTHLength of generated CSP nonce values. Must be a multiple of 8.- See Also:
-
BASE64_ENCODER
Default Base64 encoder. -
PREFIX
The prefix for csp configuration.- See Also:
-
FILTER_PATH
The path for endpoints settings.- See Also:
-
DEFAULT_ENABLED
public static final boolean DEFAULT_ENABLED- See Also:
-
DEFAULT_REPORT_ONLY
public static final boolean DEFAULT_REPORT_ONLY- See Also:
-
DEFAULT_ENABLE_NONCE
public static final boolean DEFAULT_ENABLE_NONCE- See Also:
-
DEFAULT_FORCE_SECURE_RANDOM
public static final boolean DEFAULT_FORCE_SECURE_RANDOM- See Also:
-
DEFAULT_FILTER_PATH
- See Also:
-
-
Constructor Details
-
CspConfiguration
public CspConfiguration()
-
-
Method Details
-
isEnabled
public boolean isEnabled()- Specified by:
isEnabled
in interfaceio.micronaut.core.util.Toggleable
-
getPolicyDirectives
Sets the policy directives.- Returns:
- The policy directives
-
isReportOnly
public boolean isReportOnly()If true, the Content-Security-Policy-Report-Only header will be sent instead of Content-Security-Policy. Default value (false).- Returns:
- Whether the report only header should be set
-
isNonceEnabled
public boolean isNonceEnabled()- Returns:
- Whether nonce generation is enabled for each request/response cycle
-
isForceSecureRandomEnabled
public boolean isForceSecureRandomEnabled()- Returns:
- Whether use of
SecureRandom
is forced for nonce generation.
-
getRandomEngine
The `Random` data engine used to generate nonce values. Ignored if `forceSecureRandom` is set to `true`.- Returns:
- Random data engine currently in use to generate nonce values.
-
setEnabled
public void setEnabled(boolean enabled) Sets whether CSP is enabled. Default value (false).- Parameters:
enabled
- True if CSP is enabled
-
setPolicyDirectives
Sets the policy directives.- Parameters:
policyDirectives
- CSP policy directives
-
setReportOnly
public void setReportOnly(boolean reportOnly) If true, the Content-Security-Policy-Report-Only header will be sent instead of Content-Security-Policy. Default value (false).- Parameters:
reportOnly
- set to true for reporting purpose only
-
setGenerateNonce
public void setGenerateNonce(boolean generateNonce) If true, the CSP header will contain a generated nonce that is made available to view renderers. The nonce should change for each request/response cycle and can be used by views to authorize inlined script blocks.- Parameters:
generateNonce
- set to true to enable generation of nonces
-
setForceSecureRandom
public void setForceSecureRandom(boolean forceSecureRandom) Sets whether `SecureRandom` is forced for use in generated nonce values. Defaults to (false). Enabling this requires careful consideration, because `SecureRandom` will block infinitely without enough entropy.- Parameters:
forceSecureRandom
- set to true to forceSecureRandom
use for nonce values.
-
setRandomEngine
Sets the `Random` data engine used to generate nonce values. Ignored if `forceSecureRandom` is set to `true`.- Parameters:
randomEngine
- Random data engine to use.
-
getFilterPath
The path the CSP filter should apply to. Default value ("/**").- Returns:
- The path the CSP filter should apply to
-
setFilterPath
Sets the path the CSP filter should apply to. Default value ("/**").- Parameters:
filterPath
- The filter path
-
generateNonce
Generate a nonce value for use in a Content-Security-Policy header, which is usable for one request/response cycle.- Returns:
- Base64-encoded random nonce value.
-