Examples with ContentSecurityPolicyHeaderWriter org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter used on opensource projects

Example 1 with ContentSecurityPolicyHeaderWriter

use of org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter in project spring-security by spring-projects.

the class HeadersConfigurer method contentSecurityPolicy.

/**
 * <p>
 * Allows configuration for <a href="https://www.w3.org/TR/CSP2/">Content Security
 * Policy (CSP) Level 2</a>.
 * </p>
 *
 * <p>
 * Calling this method automatically enables (includes) the Content-Security-Policy
 * header in the response using the supplied security policy directive(s).
 * </p>
 *
 * <p>
 * Configuration is provided to the {@link ContentSecurityPolicyHeaderWriter} which
 * supports the writing of the two headers as detailed in the W3C Candidate
 * Recommendation:
 * </p>
 * <ul>
 * <li>Content-Security-Policy</li>
 * <li>Content-Security-Policy-Report-Only</li>
 * </ul>
 * @param contentSecurityCustomizer the {@link Customizer} to provide more options for
 * the {@link ContentSecurityPolicyConfig}
 * @return the {@link HeadersConfigurer} for additional customizations
 * @see ContentSecurityPolicyHeaderWriter
 */
public HeadersConfigurer<H> contentSecurityPolicy(Customizer<ContentSecurityPolicyConfig> contentSecurityCustomizer) {
    this.contentSecurityPolicy.writer = new ContentSecurityPolicyHeaderWriter();
    contentSecurityCustomizer.customize(this.contentSecurityPolicy);
    return HeadersConfigurer.this;
}