Examples of org.auraframework.adapter.ContentSecurityPolicy

org.auraframework.adapter.ContentSecurityPolicy
This class describes a security policy for a particular application, by either its descriptor or its URL. Concrete implementations of this class likely want to extend {@link org.auraframework.impl.adapter.DefaultContentSecurityProvider}. @since 194

        get.releaseConnection();
    }


    /** Runs a test with special CSP */
    private Header[] doSpecialCspTest(String expectCspAncestors, String... ancestors) throws Exception {
        ContentSecurityPolicy mockCsp = new MockCsp(ancestors);


        MockConfigAdapter mci = getMockConfigAdapter();


        try {
            mci.setContentSecurityPolicy(mockCsp);

View Full Code Here

    @Override
    public ContentSecurityPolicy getContentSecurityPolicy(String app, HttpServletRequest request) {
        if (csp != null) {
            return csp;
        }
        ContentSecurityPolicy baseline = super.getContentSecurityPolicy(app, request);
        return new DefaultTestSecurityPolicy(baseline);
    }

View Full Code Here


    /**
     * Sets mandatory headers, notably for anti-clickjacking.
     */
    protected void setBasicHeaders(DefDescriptor top, HttpServletRequest req, HttpServletResponse rsp) {
        ContentSecurityPolicy csp = Aura.getConfigAdapter().getContentSecurityPolicy(
                top == null ? null : top.getQualifiedName(), req);


        if (csp != null) {
            rsp.setHeader(CSP.Header.SECURE, csp.getCspHeaderValue());
            Collection<String> terms = csp.getFrameAncestors();
            if (terms != null) {
                // not open to the world; figure whether we can express an X-FRAME-OPTIONS header:
                if (terms.size() == 0) {
                    // closed to any framing at all
                    rsp.setHeader(HDR_FRAME_OPTIONS, HDR_FRAME_DENY);

View Full Code Here

TOP

Related Classes of org.auraframework.adapter.ContentSecurityPolicy

org.auraframework.http.AuraBaseServlet

org.auraframework.http.AuraServletHttpTest

org.auraframework.impl.adapter.MockConfigAdapterImpl

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.