https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import com.joehxblog.spring.csp.ContentSecurityPolicy;
/**
 * Spring configuration that registers a {@link SecurityFilterChain} built by
 * the library's {@link ContentSecurityPolicy} helper, using its no-argument
 * constructor.
 *
 * <p>NOTE(review): the policy string produced by the no-argument constructor
 * is not visible here. Check the library's default and the
 * {@code Content-Security-Policy} header actually sent before relying on it.
 */
@Configuration
public class Config {

    // Library-default policy; its directives are defined by the library, not by this class.
    private ContentSecurityPolicy policy = new ContentSecurityPolicy();

    /**
     * Exposes the filter chain that the policy object builds from {@code http}.
     *
     * <p>NOTE(review): this bean returns whatever chain the library assembles.
     * What else it configures on {@code http} (authorization rules, CSRF,
     * other response headers) cannot be seen from here. Confirm this before
     * treating it as the application's complete security configuration.
     *
     * @param http the Spring Security builder handed to the library
     * @return the chain returned by {@code ContentSecurityPolicy#filterChain}
     * @throws Exception if the library fails while building the chain
     */
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        SecurityFilterChain chain = policy.filterChain(http);
        return chain;
    }
}
Or write your own policy string:
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import com.joehxblog.spring.csp.ContentSecurityPolicy;
/**
 * Spring configuration that registers a {@link SecurityFilterChain} built by
 * the library's {@link ContentSecurityPolicy} helper from an explicit policy
 * string.
 */
@Configuration
public class Config {

    // default-src is the fallback for fetch directives that are not listed
    // (script-src, style-src, img-src, ...). With only 'self', inline scripts
    // and styles are blocked unless a nonce, hash or 'unsafe-inline' is added.
    // base-uri, form-action and frame-ancestors do NOT fall back to
    // default-src, so they stay unrestricted unless they are listed.
    private ContentSecurityPolicy policy = new ContentSecurityPolicy("default-src 'self'");

    /**
     * Exposes the filter chain that the policy object builds from {@code http}.
     *
     * <p>NOTE(review): this bean returns whatever chain the library assembles.
     * What else it configures on {@code http} (authorization rules, CSRF,
     * other response headers) cannot be seen from here. Confirm this before
     * treating it as the application's complete security configuration.
     *
     * @param http the Spring Security builder handed to the library
     * @return the chain returned by {@code ContentSecurityPolicy#filterChain}
     * @throws Exception if the library fails while building the chain
     */
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        SecurityFilterChain chain = policy.filterChain(http);
        return chain;
    }
}
Or use the builder:
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import com.joehxblog.spring.csp.ContentSecurityPolicy;
import com.joehxblog.spring.csp.directive.FetchDirective;
import com.joehxblog.spring.csp.value.KeywordValue;
/**
 * Spring configuration that registers a {@link SecurityFilterChain} built by
 * the library's {@link ContentSecurityPolicy} helper, with the policy
 * assembled through the library's builder instead of a raw string.
 */
@Configuration
public class Config {

    // Presumably renders as "default-src 'self'". Verify against the response
    // header actually sent.
    // default-src is only the fallback for fetch directives. base-uri,
    // form-action and frame-ancestors do not inherit from it and stay
    // unrestricted unless they are added to the builder as well.
    private ContentSecurityPolicy policy =
            ContentSecurityPolicy.build()
                    .add(FetchDirective.DEFAULT_SRC, KeywordValue.SELF)
                    .build();

    /**
     * Exposes the filter chain that the policy object builds from {@code http}.
     *
     * <p>NOTE(review): this bean returns whatever chain the library assembles.
     * What else it configures on {@code http} (authorization rules, CSRF,
     * other response headers) cannot be seen from here. Confirm this before
     * treating it as the application's complete security configuration.
     *
     * @param http the Spring Security builder handed to the library
     * @return the chain returned by {@code ContentSecurityPolicy#filterChain}
     * @throws Exception if the library fails while building the chain
     */
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        SecurityFilterChain chain = policy.filterChain(http);
        return chain;
    }
}