Package org.zkoss.zk.ui.http

Class CspProviderImpl

java.lang.Object

org.zkoss.zk.ui.http.CspProviderImpl

All Implemented Interfaces:

CspProvider

public class CspProviderImpl
extends java.lang.Object
implements CspProvider

An CspProvider implementation for Csp functions and applies.

Author:

peakerlee

Constructor Summary

Constructors

Constructor	Description
CspProviderImpl()

Method Summary

Modifier and Type	Method	Description
java.lang.String	getCspNonce()	Returns the current CSP nonce for use in inline scripts if no nonce is available.
void	setCspHeader(Execution exec, Configuration config)	Sets the CSP header for the given execution based on the configuration.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CspProviderImpl

public CspProviderImpl()

Method Detail

setCspHeader

public void setCspHeader(Execution exec,
                         Configuration config)

Description copied from interface: CspProvider

Sets the CSP header for the given execution based on the configuration.

The actual headers applied to depend on the provided configuration, including whether report-only mode is enabled and whether a custom policy is specified.

Specified by:

setCspHeader in interface CspProvider

Parameters:

exec - the execution being processed

config - the CSP configuration

getCspNonce

public java.lang.String getCspNonce()

Description copied from interface: CspProvider

Returns the current CSP nonce for use in inline scripts if no nonce is available.

If a nonce has already been generated for the current execution, it is returned; otherwise, a new cryptographically secure, Base64-encoded nonce is generated. The nonce is typically used for inline script tags in strict-dynamic mode but can be retrieved regardless of the mode.

Specified by:

getCspNonce in interface CspProvider

Returns:

the current CSP nonce