Class ContentSecurityPolicyConfigurer
java.lang.Object
com.broadleafcommerce.auth.user.autoconfigure.ContentSecurityPolicyConfigurer
Responsible for configuring Content Security Policy (CSP) for SecurityAutoConfiguration.
-
Field Summary
-
Constructor Summary
Constructor / Description
ContentSecurityPolicyConfigurer(AuthorizationServerProperties authorizationServerProperties)
-
Method Summary
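Modifier and Type / Method / Description
void configure(org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ContentSecurityPolicyConfig config)
    If isContentSecurityPolicyEnabled(), this method will be invoked to configure the content security policy.
protected AuthorizationServerProperties getAuthorizationServerProperties
protected String getBaseUriDirective(AuthorizationServerProperties.ContentSecurityPolicyProperties properties)
protected String getCombinedDirectivesValue
protected String getDefaultSrcDirective(AuthorizationServerProperties.ContentSecurityPolicyProperties properties)
protected String getFormActionDirective(AuthorizationServerProperties.ContentSecurityPolicyProperties properties)
protected String getFrameAncestorsDirective(AuthorizationServerProperties.ContentSecurityPolicyProperties properties)
boolean isContentSecurityPolicyEnabled()
    Whether or not content security policy behavior should be enabled.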
-
Field Details
-
DEFAULT_SRC_DIRECTIVE_FMT
- See Also:
-
BASE_URI_DIRECTIVE_FMT
- See Also:
-
FRAME_ANCESTORS_DIRECTIVE_FMT
- See Also:
-
FORM_ACTION_DIRECTIVE_FMT
- See Also:
-
-
Constructor Details
-
ContentSecurityPolicyConfigurer
-
-
Method Details
-
isContentSecurityPolicyEnabled
public boolean isContentSecurityPolicyEnabled()
Whether or not content security policy behavior should be enabled.
Returns: true if the behavior should be enabled, false otherwise
-
configure
public void configure(org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ContentSecurityPolicyConfig config)
If isContentSecurityPolicyEnabled(), this method will be invoked to configure the content security policy. This is typically invoked via HeadersConfigurer.contentSecurityPolicy(Customizer).
Parameters: config - the content security policy configuration to customize
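A sketch of the wiring described above, added here as an illustration and not Broadleaf's own code. The configuration class, the bean method name, and the availability of ContentSecurityPolicyConfigurer as an injectable bean are assumptions.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

import com.broadleafcommerce.auth.user.autoconfigure.ContentSecurityPolicyConfigurer;

// Hypothetical configuration class (assumption, not part of the documented API).
@Configuration
public class ExampleCspSecurityConfig {

    // Assumes a ContentSecurityPolicyConfigurer instance is available for injection.
    @Bean
    SecurityFilterChain exampleFilterChain(HttpSecurity http,
            ContentSecurityPolicyConfigurer cspConfigurer) throws Exception {
        // Gate on the enabled flag so that no Content-Security-Policy header
        // customization is registered when the behavior is switched off.
        if (cspConfigurer.isContentSecurityPolicyEnabled()) {
            // HeadersConfigurer.contentSecurityPolicy(Customizer) hands the
            // ContentSecurityPolicyConfig to configure(...), which sets the policy.
            http.headers(headers ->
                    headers.contentSecurityPolicy(cspConfigurer::configure));
        }
        return http.build();
    }
}
```

Checking the response for a Content-Security-Policy header after startup confirms whether the enabled flag and the configured directives took effect.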
-
getCombinedDirectivesValue
-
getDefaultSrcDirective
@Nullable protected String getDefaultSrcDirective(AuthorizationServerProperties.ContentSecurityPolicyProperties properties)
-
getBaseUriDirective
@Nullable protected String getBaseUriDirective(AuthorizationServerProperties.ContentSecurityPolicyProperties properties)
-
getFrameAncestorsDirective
@Nullable protected String getFrameAncestorsDirective(AuthorizationServerProperties.ContentSecurityPolicyProperties properties)
-
getFormActionDirective
@Nullable protected String getFormActionDirective(AuthorizationServerProperties.ContentSecurityPolicyProperties properties)
-
getAuthorizationServerProperties
-