Content Security Policy Filter (Java)
===========================

Adds the `Content-Security-Policy` or `Content-Security-Policy-Report-Only` header to the response.

Also see:

- http://content-security-policy.com/
- http://www.w3.org/TR/CSP/#directives
- https://developer.chrome.com/extensions/contentSecurityPolicy
- https://developer.mozilla.org/en-US/docs/Web/Security/CSP

Normally you will need only a few of the init parameters, or none at all. If no init parameter is defined, the header will look like this:

```
Content-Security-Policy = default-src 'none'
```

Here is an example of a full configuration of the ContentSecurityPolicyFilter:

```xml
<filter>
    <filter-name>ContentSecurityPolicyFilter</filter-name>
    <filter-class>de.saville.csp.ContentSecurityPolicyFilter</filter-class>
    <init-param>
        <!-- If not specified the default is false -->
        <param-name>report-only</param-name>
        <param-value>false</param-value>
    </init-param>
    <!-- Optionally add a report-uri -->
    <init-param>
        <param-name>report-uri</param-name>
        <param-value>/ContentSecurityPolicyReporter</param-value>
    </init-param>
    <init-param>
        <param-name>sandbox</param-name>
        <param-value>true</param-value>
        <!-- true enables the sandbox behaviour - the default is false - one can also specify exceptions, e.g.
        <param-value>allow-forms allow-same-origin</param-value>
        -->
    </init-param>
    <!-- Remember that special keywords have to be put in single quotes, e.g. 'none', 'self' -->
    <init-param>
        <!-- If not specified the default is 'none' -->
        <param-name>default-src</param-name>
        <param-value>'none'</param-value>
    </init-param>
    <init-param>
        <param-name>img-src</param-name>
        <param-value>http://*.example.com</param-value>
    </init-param>
    <init-param>
        <param-name>script-src</param-name>
        <param-value>'self' js.example.com</param-value>
    </init-param>
    <init-param>
        <param-name>style-src</param-name>
        <param-value>'self'</param-value>
    </init-param>
    <init-param>
        <param-name>connect-src</param-name>
        <param-value>'self'</param-value>
    </init-param>
    <init-param>
        <param-name>font-src</param-name>
        <param-value>'self'</param-value>
    </init-param>
    <init-param>
        <param-name>object-src</param-name>
        <param-value>'self'</param-value>
    </init-param>
    <init-param>
        <param-name>media-src</param-name>
        <param-value>'self'</param-value>
    </init-param>
    <init-param>
        <param-name>frame-src</param-name>
        <param-value>'self'</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>ContentSecurityPolicyFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
```
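
As an added illustration (not the project's own code), the sketch below maps the init parameters above to a header name and value using the defaults this README states. The class name `CspHeaderSketch`, the directive order and the `; ` separator are assumptions, and the parameter maps in `main` are constructed samples.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration, not the project's code: applies the defaults the README
// states (report-only=false, default-src='none', sandbox=false) to init-params.
public class CspHeaderSketch {

    // Source directives from the sample web.xml, in the order listed there (assumed order).
    static final String[] SRC_DIRECTIVES = {"img-src", "script-src", "style-src",
            "connect-src", "font-src", "object-src", "media-src", "frame-src"};

    static String headerName(Map<String, String> p) {
        // A missing report-only parameter parses as false, so the policy is enforced.
        return Boolean.parseBoolean(p.get("report-only"))
                ? "Content-Security-Policy-Report-Only" : "Content-Security-Policy";
    }

    static String headerValue(Map<String, String> p) {
        StringBuilder sb = new StringBuilder("default-src ")
                .append(p.getOrDefault("default-src", "'none'"));
        for (String d : SRC_DIRECTIVES) {
            String v = p.get(d);
            if (v != null && !v.trim().isEmpty()) {
                sb.append("; ").append(d).append(' ').append(v.trim());
            }
        }
        // sandbox: "true" emits the bare directive, any other non-false value
        // is treated as a list of exceptions such as "allow-forms".
        String sandbox = p.getOrDefault("sandbox", "false").trim();
        if (!sandbox.isEmpty() && !"false".equalsIgnoreCase(sandbox)) {
            sb.append("; sandbox");
            if (!"true".equalsIgnoreCase(sandbox)) sb.append(' ').append(sandbox);
        }
        String reportUri = p.get("report-uri");
        if (reportUri != null) sb.append("; report-uri ").append(reportUri.trim());
        return sb.toString();
    }

    public static void main(String[] args) {
        Map<String, String> none = new HashMap<>();      // no init-params at all
        System.out.println(headerName(none) + ": " + headerValue(none));

        Map<String, String> p = new HashMap<>();         // constructed sample
        p.put("report-only", "true");
        p.put("report-uri", "/ContentSecurityPolicyReporter");
        p.put("sandbox", "allow-forms allow-same-origin");
        p.put("script-src", "'self' js.example.com");
        System.out.println(headerName(p) + ": " + headerValue(p));
    }
}
```

Browsers ignore the `sandbox` directive in a `Content-Security-Policy-Report-Only` header, so sandbox settings only take effect once `report-only` is false.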

Optionally configure a Servlet to log the CSP violations:

```xml
<servlet>
    <servlet-name>ContentSecurityPolicyReporter</servlet-name>
    <servlet-class>de.saville.csp.ContentSecurityPolicyReporter</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>ContentSecurityPolicyReporter</servlet-name>
    <url-pattern>/ContentSecurityPolicyReporter</url-pattern>
</servlet-mapping>
```