Package com.helger.http.csp

Class AbstractCSPSourceList<IMPLTYPE extends AbstractCSPSourceList<IMPLTYPE>>

java.lang.Object
com.helger.http.csp.AbstractCSPSourceList<IMPLTYPE>
Type Parameters:
IMPLTYPE - Implementation type
All Implemented Interfaces:
com.helger.base.trait.IGenericImplTrait<IMPLTYPE>
Direct Known Subclasses:
CSPSourceList
@NotThreadSafe public abstract class AbstractCSPSourceList<IMPLTYPE extends AbstractCSPSourceList<IMPLTYPE>> extends Object implements com.helger.base.trait.IGenericImplTrait<IMPLTYPE>
A source list to be used in a CSP directive (CSPDirective). It's just a convenient way to build a CSP directive value.
Author:
Philip Helger

  • Field Details

  • Constructor Details

    • AbstractCSPSourceList

      public AbstractCSPSourceList()

  • Method Details

    • getExpressionCount

      @Nonnegative public int getExpressionCount()

    • addScheme

      @Nonnull public IMPLTYPE addScheme(@Nonnull @Nonempty String sScheme)
      Add a scheme
      Parameters:
      sScheme - Scheme in the format scheme ":"
      Returns:
      this

    • addHost

      @Nonnull public IMPLTYPE addHost(@Nonnull com.helger.url.ISimpleURL aHost)
      Add a host
      Parameters:
      aHost - Host to add. Must be a valid URL.
      Returns:
      this

    • addHost

      @Nonnull public IMPLTYPE addHost(@Nonnull @Nonempty String sHost)
      Add a host
      Parameters:
      sHost - Host to add. Must be a valid URL or a star prefixed version.
      Returns:
      this

    • addMimeType

      @Nonnull public IMPLTYPE addMimeType(@Nonnull com.helger.mime.IMimeType aMimeType)
      Add a MIME type (for plugin-types)
      Parameters:
      aMimeType - MIME type to add. May not be null.
      Returns:
      this

    • addKeywordNone

      @Nonnull public IMPLTYPE addKeywordNone()
      source expression 'none' represents an empty set of URIs
      Returns:
      this

    • addKeywordReportSample

      @Nonnull public IMPLTYPE addKeywordReportSample()
      If this expression is included in a directive controlling scripts or styles, and the directive causes the browser to block any inline scripts, inline styles, or event handler attributes, then the violation report that the browser generates will contain a sample property containing the first 40 characters of the blocked resource.
      Returns:
      this

    • addKeywordSelf

      @Nonnull public IMPLTYPE addKeywordSelf()
      source expression 'self' represents the set of URIs which are in the same origin as the protected resource
      Returns:
      this

    • addKeywordStrictDynamic

      @Nonnull public IMPLTYPE addKeywordStrictDynamic()
      The 'strict-dynamic' keyword makes the trust conferred on a script by a nonce or a hash extend to scripts that this script dynamically loads, for example by creating new <script> tags using Document.createElement() and then inserting them into the document using Node.appendChild().
      Returns:
      this

    • addKeywordUnsafeEval

      @Nonnull public IMPLTYPE addKeywordUnsafeEval()
      By default, if a CSP contains a default-src or a script-src directive, then JavaScript functions which evaluate their arguments as JavaScript are disabled. This includes "eval()", the code argument to "setTimeout()", or the "Function()" constructor.
      Returns:
      this

    • addKeywordUnsafeInline

      @Nonnull public IMPLTYPE addKeywordUnsafeInline()
      source expression 'unsafe-inline' represents content supplied inline in the resource itself
      Returns:
      this

    • addNonce

      @Nonnull public IMPLTYPE addNonce(@Nonnull @Nonempty byte[] aNonceValue)
      Add the provided nonce value. The "\'nonce-"<IMPLTYPE extends AbstractCSPSourceList<IMPLTYPE>> and NONCE_SUFFIX are added automatically. The byte array is automatically Bas64 encoded.
      Parameters:
      aNonceValue - The plain nonce bytes. May not be null.
      Returns:
      this for chaining

    • addNonce

      @Nonnull public IMPLTYPE addNonce(@Nonnull @Nonempty String sNonceBase64Value)
      Add the provided Base64 encoded nonce value. The "\'nonce-"<IMPLTYPE extends AbstractCSPSourceList<IMPLTYPE>> and NONCE_SUFFIX are added automatically.
      Parameters:
      sNonceBase64Value - The Base64 encoded nonce value
      Returns:
      this for chaining

    • addHash

      @Nonnull public IMPLTYPE addHash(@Nonnull com.helger.security.messagedigest.EMessageDigestAlgorithm eMDAlgo, @Nonnull @Nonempty byte[] aHashValue)
      Add the provided nonce value. The "\'"<IMPLTYPE extends AbstractCSPSourceList<IMPLTYPE>> and HASH_SUFFIX are added automatically. The byte array is automatically Bas64 encoded!
      Parameters:
      eMDAlgo - The message digest algorithm used. May only EMessageDigestAlgorithm.SHA_256, EMessageDigestAlgorithm.SHA_384 or EMessageDigestAlgorithm.SHA_512. May not be null.
      aHashValue - The plain hash digest value. May not be null.
      Returns:
      this for chaining

    • addHash

      @Nonnull public IMPLTYPE addHash(@Nonnull com.helger.security.messagedigest.EMessageDigestAlgorithm eMDAlgo, @Nonnull String sHashBase64Value)
      Add the provided Base64 encoded hash value. The "\'"<IMPLTYPE extends AbstractCSPSourceList<IMPLTYPE>> and HASH_SUFFIX are added automatically.
      Parameters:
      eMDAlgo - The message digest algorithm used. May only EMessageDigestAlgorithm.SHA_256, EMessageDigestAlgorithm.SHA_384 or EMessageDigestAlgorithm.SHA_512. May not be null.
      sHashBase64Value - The Base64 encoded hash value
      Returns:
      this for chaining

    • getAsString

      @Nonnull public String getAsString()
      Returns:
      The whole source list as a single string, separated by a blank char.

    • equals

      public boolean equals(Object o)
      Overrides:
      equals in class Object

    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object

    • toString

      @Nonnull public String toString()
      Overrides:
      toString in class Object