Package org.eblocker.server.common.data

Class ContentSecurityPolicy

java.lang.Object

org.eblocker.server.common.data.ContentSecurityPolicy

public class ContentSecurityPolicy
extends Object

Parses the HTTP header Content-Security-Policy and inserts/edits the directives that allow the ControlBar to work.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	ContentSecurityPolicy.CspDirective

Constructor Summary

Constructors

Constructor	Description
ContentSecurityPolicy(List<ContentSecurityPolicy.CspDirective> directives)

Method Summary

Modifier and Type	Method	Description
void	allowControlBar(String controlBarUrl, String nonce)	The following actions must be allowed for the ControlBar to work: Load icons from eBlocker Allow XMLHttpRequests to eBlocker Allow loading the ControlBar as an iframe Allow execution of the injected ControlBar JavaScript
static ContentSecurityPolicy	from(String csp)	Parses Content-Security-Policy from a string
String	toString()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Details

ContentSecurityPolicy

public ContentSecurityPolicy(List<ContentSecurityPolicy.CspDirective> directives)

Method Details

toString

public String toString()

Overrides:

toString in class Object

from

public static ContentSecurityPolicy from(String csp)

Parses Content-Security-Policy from a string

Parameters:

csp -

Returns:

allowControlBar

public void allowControlBar(String controlBarUrl,
 String nonce)

The following actions must be allowed for the ControlBar to work:

• Load icons from eBlocker
• Allow XMLHttpRequests to eBlocker
• Allow loading the ControlBar as an iframe
• Allow execution of the injected ControlBar JavaScript

Parameters:

controlBarUrl - the eBlocker URL from which to load icons, XMLHttpRequests and the ControlBar iframe

nonce - the nonce of the ControlBar JavaScript