Package com.helger.http.csp

Class AbstractCSPSourceList<IMPLTYPE extends AbstractCSPSourceList<IMPLTYPE>>

java.lang.Object
com.helger.http.csp.AbstractCSPSourceList<IMPLTYPE>
Type Parameters:
IMPLTYPE - Implementation type
All Implemented Interfaces:
com.helger.base.trait.IGenericImplTrait<IMPLTYPE>
Direct Known Subclasses:
CSPSourceList
@NotThreadSafe public abstract class AbstractCSPSourceList<IMPLTYPE extends AbstractCSPSourceList<IMPLTYPE>> extends Object implements com.helger.base.trait.IGenericImplTrait<IMPLTYPE>
A source list to be used in a CSP directive (CSPDirective). It's just a convenient way to build a CSP directive value.
Author:
Philip Helger

  • Field Details

  • Constructor Details

    • AbstractCSPSourceList

      public AbstractCSPSourceList()
      Default constructor creating an empty CSP source list.

  • Method Details

    • getExpressionCount

      @Nonnegative public int getExpressionCount()
      Returns:
      The number of source expressions in this list. Always ≥ 0.

    • addScheme

      public @NonNull IMPLTYPE addScheme(@Nonempty @NonNull @Nonempty String sScheme)
      Add a scheme
      Parameters:
      sScheme - Scheme in the format scheme ":"
      Returns:
      this

    • addHost

      public @NonNull IMPLTYPE addHost(@NonNull com.helger.url.ISimpleURL aHost)
      Add a host
      Parameters:
      aHost - Host to add. Must be a valid URL.
      Returns:
      this

    • addHost

      public @NonNull IMPLTYPE addHost(@Nonempty @NonNull @Nonempty String sHost)
      Add a host
      Parameters:
      sHost - Host to add. Must be a valid URL or a star prefixed version.
      Returns:
      this

    • addMimeType

      public @NonNull IMPLTYPE addMimeType(@NonNull com.helger.mime.IMimeType aMimeType)
      Add a MIME type (for plugin-types)
      Parameters:
      aMimeType - MIME type to add. May not be null.
      Returns:
      this

    • addKeywordNone

      public @NonNull IMPLTYPE addKeywordNone()
      source expression 'none' represents an empty set of URIs
      Returns:
      this

    • addKeywordReportSample

      public @NonNull IMPLTYPE addKeywordReportSample()
      If this expression is included in a directive controlling scripts or styles, and the directive causes the browser to block any inline scripts, inline styles, or event handler attributes, then the violation report that the browser generates will contain a sample property containing the first 40 characters of the blocked resource.
      Returns:
      this

    • addKeywordSelf

      public @NonNull IMPLTYPE addKeywordSelf()
      source expression 'self' represents the set of URIs which are in the same origin as the protected resource
      Returns:
      this

    • addKeywordStrictDynamic

      public @NonNull IMPLTYPE addKeywordStrictDynamic()
      The 'strict-dynamic' keyword makes the trust conferred on a script by a nonce or a hash extend to scripts that this script dynamically loads, for example by creating new <script> tags using Document.createElement() and then inserting them into the document using Node.appendChild().
      Returns:
      this

    • addKeywordUnsafeEval

      public @NonNull IMPLTYPE addKeywordUnsafeEval()
      By default, if a CSP contains a default-src or a script-src directive, then JavaScript functions which evaluate their arguments as JavaScript are disabled. This includes "eval()", the code argument to "setTimeout()", or the "Function()" constructor.
      Returns:
      this

    • addKeywordUnsafeInline

      public @NonNull IMPLTYPE addKeywordUnsafeInline()
      source expression 'unsafe-inline' represents content supplied inline in the resource itself
      Returns:
      this

    • addNonce

      public @NonNull IMPLTYPE addNonce(byte @NonNull @Nonempty [] aNonceValue)
      Add the provided nonce value. The "\'nonce-"<IMPLTYPE extends AbstractCSPSourceList<IMPLTYPE>> and NONCE_SUFFIX are added automatically. The byte array is automatically Bas64 encoded.
      Parameters:
      aNonceValue - The plain nonce bytes. May not be null.
      Returns:
      this for chaining

    • addNonce

      public @NonNull IMPLTYPE addNonce(@Nonempty @NonNull @Nonempty String sNonceBase64Value)
      Add the provided Base64 encoded nonce value. The "\'nonce-"<IMPLTYPE extends AbstractCSPSourceList<IMPLTYPE>> and NONCE_SUFFIX are added automatically.
      Parameters:
      sNonceBase64Value - The Base64 encoded nonce value
      Returns:
      this for chaining

    • addHash

      public @NonNull IMPLTYPE addHash(@NonNull com.helger.security.messagedigest.EMessageDigestAlgorithm eMDAlgo, byte @NonNull @Nonempty [] aHashValue)
      Add the provided nonce value. The "\'"<IMPLTYPE extends AbstractCSPSourceList<IMPLTYPE>> and HASH_SUFFIX are added automatically. The byte array is automatically Bas64 encoded!
      Parameters:
      eMDAlgo - The message digest algorithm used. May only EMessageDigestAlgorithm.SHA_256, EMessageDigestAlgorithm.SHA_384 or EMessageDigestAlgorithm.SHA_512. May not be null.
      aHashValue - The plain hash digest value. May not be null.
      Returns:
      this for chaining

    • addHash

      public @NonNull IMPLTYPE addHash(@NonNull com.helger.security.messagedigest.EMessageDigestAlgorithm eMDAlgo, @NonNull String sHashBase64Value)
      Add the provided Base64 encoded hash value. The "\'"<IMPLTYPE extends AbstractCSPSourceList<IMPLTYPE>> and HASH_SUFFIX are added automatically.
      Parameters:
      eMDAlgo - The message digest algorithm used. May only EMessageDigestAlgorithm.SHA_256, EMessageDigestAlgorithm.SHA_384 or EMessageDigestAlgorithm.SHA_512. May not be null.
      sHashBase64Value - The Base64 encoded hash value
      Returns:
      this for chaining

    • getAsString

      public @NonNull String getAsString()
      Returns:
      The whole source list as a single string, separated by a blank char.

    • equals

      public boolean equals(Object o)
      Overrides:
      equals in class Object

    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object

    • toString

      public @NonNull String toString()
      Overrides:
      toString in class Object