diff options
Diffstat (limited to 'jdisc-security-filters')
2 files changed, 37 insertions, 0 deletions
diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/csp/CspResponseFilter.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/csp/CspResponseFilter.java new file mode 100644 index 00000000000..9ed0c745131 --- /dev/null +++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/csp/CspResponseFilter.java @@ -0,0 +1,29 @@ +// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +package com.yahoo.jdisc.http.filter.security.csp; + +import com.yahoo.component.annotation.Inject; +import com.yahoo.jdisc.AbstractResource; +import com.yahoo.jdisc.http.filter.DiscFilterResponse; +import com.yahoo.jdisc.http.filter.RequestView; +import com.yahoo.jdisc.http.filter.SecurityResponseFilter; +import com.yahoo.yolean.chain.Provides; + +/** + * The HTTP Content-Security-Policy (CSP) sandbox directive enables a sandbox for the requested resource similar to + * the <iframe> sandbox attribute. It applies restrictions to a page's actions including preventing popups, preventing + * the execution of plugins and scripts, and enforcing a same-origin policy. + * + * @author freva + */ +@Provides("CspResponseFilter") +public class CspResponseFilter extends AbstractResource implements SecurityResponseFilter { + + @Inject + public CspResponseFilter() { } + + @Override + public void filter(DiscFilterResponse response, RequestView request) { + response.setHeader("Content-Security-Policy", "sandbox"); + } + +} diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/csp/package-info.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/csp/package-info.java new file mode 100644 index 00000000000..c8784b32fcb --- /dev/null +++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/csp/package-info.java @@ -0,0 +1,8 @@ +// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +/** + * @author freva + */ +@ExportPackage +package com.yahoo.jdisc.http.filter.security.csp; + +import com.yahoo.osgi.annotation.ExportPackage; |