author | Valerij Fredriksen <valerijf@yahooinc.com> | 2022-06-27 12:02:55 +0200 |
---|---|---|
committer | Valerij Fredriksen <valerijf@yahooinc.com> | 2022-06-27 12:02:55 +0200 |
commit | d475ef8fd2a504b4a80926b65036cb08eb709a4e (patch) | |
tree | 9673fff006b3f0676ef1b5cd17ea46f953443be1 | |
parent | 44515f9965c847d0c8ebdc351239804ecf6236ee (diff) |
Create CSP response filter
2 files changed, 37 insertions, 0 deletions
diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/csp/CspResponseFilter.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/csp/CspResponseFilter.java
new file mode 100644
index 00000000000..9ed0c745131
--- /dev/null
+++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/csp/CspResponseFilter.java
@@ -0,0 +1,29 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.jdisc.http.filter.security.csp;
+
+import com.yahoo.component.annotation.Inject;
+import com.yahoo.jdisc.AbstractResource;
+import com.yahoo.jdisc.http.filter.DiscFilterResponse;
+import com.yahoo.jdisc.http.filter.RequestView;
+import com.yahoo.jdisc.http.filter.SecurityResponseFilter;
+import com.yahoo.yolean.chain.Provides;
+
+/**
+ * The HTTP Content-Security-Policy (CSP) sandbox directive enables a sandbox for the requested resource similar to
+ * the <iframe> sandbox attribute. It applies restrictions to a page's actions including preventing popups, preventing
+ * the execution of plugins and scripts, and enforcing a same-origin policy.
+ *
+ * @author freva
+ */
+@Provides("CspResponseFilter")
+public class CspResponseFilter extends AbstractResource implements SecurityResponseFilter {
+
+ @Inject
+ public CspResponseFilter() { }
+
+ @Override
+ public void filter(DiscFilterResponse response, RequestView request) {
+ response.setHeader("Content-Security-Policy", "sandbox");
+ }
+
+}
diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/csp/package-info.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/csp/package-info.java
new file mode 100644
index 00000000000..c8784b32fcb
--- /dev/null
+++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/csp/package-info.java
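Review bot: In `CspResponseFilter.filter`, the header is written with `response.setHeader("Content-Security-Policy", "sandbox")`, which, if `setHeader` replaces existing values as its name suggests, discards any policy the handler or an earlier response filter already set (for example a `default-src` or `frame-ancestors` restriction). Browsers enforce every CSP header they receive, so `response.addHeader("Content-Security-Policy", "sandbox");` would keep the existing policy in force alongside the sandbox; confirm that `DiscFilterResponse` emits added values as separate header lines. The class Javadoc describes the directive but not the filter itself, and a sentence stating that the header is applied unconditionally to every response in the chain, with no `allow-*` tokens, would tell operators that scripts and forms are disabled and the document is given an opaque origin wherever this filter is bound.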
@@ -0,0 +1,8 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+/**
+ * @author freva
+ */
+@ExportPackage
+package com.yahoo.jdisc.http.filter.security.csp;
+
+import com.yahoo.osgi.annotation.ExportPackage; |