Package org.htmlunit.csp
Class Policy
- java.lang.Object
-
- org.htmlunit.csp.Policy
-
public final class Policy extends java.lang.Object
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description private static class
Policy.InlineType
private static class
Policy.NamedDirective
static interface
Policy.PolicyErrorConsumer
static interface
Policy.PolicyListErrorConsumer
static class
Policy.Severity
-
Field Summary
Fields Modifier and Type Field Description private SourceExpressionDirective
baseUri_
private boolean
blockAllMixedContent_
private java.util.List<Policy.NamedDirective>
directives_
private java.util.EnumMap<FetchDirectiveKind,SourceExpressionDirective>
fetchDirectives_
private SourceExpressionDirective
formAction_
private FrameAncestorsDirective
frameAncestors_
private SourceExpressionDirective
navigateTo_
private PluginTypesDirective
pluginTypes_
private FetchDirectiveKind
prefetchSrc_
private RFC7230Token
reportTo_
private ReportUriDirective
reportUri_
private SandboxDirective
sandbox_
private boolean
upgradeInsecureRequests_
-
Constructor Summary
Constructors Modifier Constructor Description private
Policy()
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description private Directive
add(java.lang.String name, java.util.List<java.lang.String> values, Directive.DirectiveErrorConsumer directiveErrorConsumer)
boolean
allowsApplicationManifest(java.util.Optional<URLWithScheme> source, java.util.Optional<URLWithScheme> origin)
boolean
allowsConnection(java.util.Optional<URLWithScheme> source, java.util.Optional<URLWithScheme> origin)
boolean
allowsEval()
boolean
allowsExternalScript(java.util.Optional<java.lang.String> nonce, java.util.Optional<java.lang.String> integrity, java.util.Optional<URLWithScheme> scriptUrl, java.util.Optional<java.lang.Boolean> parserInserted, java.util.Optional<URLWithScheme> origin)
boolean
allowsExternalStyle(java.util.Optional<java.lang.String> nonce, java.util.Optional<URLWithScheme> styleUrl, java.util.Optional<URLWithScheme> origin)
boolean
allowsFont(java.util.Optional<URLWithScheme> source, java.util.Optional<URLWithScheme> origin)
boolean
allowsFormAction(java.util.Optional<URLWithScheme> to, java.util.Optional<java.lang.Boolean> redirected, java.util.Optional<URLWithScheme> redirectedTo, java.util.Optional<URLWithScheme> origin)
boolean
allowsFrame(java.util.Optional<URLWithScheme> source, java.util.Optional<URLWithScheme> origin)
boolean
allowsFrameAncestor(java.util.Optional<URLWithScheme> source, java.util.Optional<URLWithScheme> origin)
boolean
allowsImage(java.util.Optional<URLWithScheme> source, java.util.Optional<URLWithScheme> origin)
boolean
allowsInlineScript(java.util.Optional<java.lang.String> nonce, java.util.Optional<java.lang.String> source, java.util.Optional<java.lang.Boolean> parserInserted)
boolean
allowsInlineStyle(java.util.Optional<java.lang.String> nonce, java.util.Optional<java.lang.String> source)
boolean
allowsJavascriptUrlNavigation(java.util.Optional<java.lang.String> source, java.util.Optional<URLWithScheme> origin)
boolean
allowsMedia(java.util.Optional<URLWithScheme> source, java.util.Optional<URLWithScheme> origin)
boolean
allowsNavigation(java.util.Optional<URLWithScheme> to, java.util.Optional<java.lang.Boolean> redirected, java.util.Optional<URLWithScheme> redirectedTo, java.util.Optional<URLWithScheme> origin)
boolean
allowsObject(java.util.Optional<URLWithScheme> source, java.util.Optional<URLWithScheme> origin)
boolean
allowsPlugin(java.util.Optional<MediaType> mediaType)
boolean
allowsPrefetch(java.util.Optional<URLWithScheme> source, java.util.Optional<URLWithScheme> origin)
boolean
allowsScriptAsAttribute(java.util.Optional<java.lang.String> source)
boolean
allowsStyleAsAttribute(java.util.Optional<java.lang.String> source)
boolean
allowsWorker(java.util.Optional<URLWithScheme> source, java.util.Optional<URLWithScheme> origin)
java.util.Optional<SourceExpressionDirective>
baseUri()
boolean
blockAllMixedContent()
private static java.lang.String
collect(java.lang.String input, java.lang.String regex)
private boolean
doesElementMatchSourceListForTypeAndSource(Policy.InlineType type, java.util.Optional<java.lang.String> nonce, java.util.Optional<java.lang.String> source, java.util.Optional<java.lang.Boolean> parserInserted)
static boolean
doesUrlMatchSourceListInOrigin(URLWithScheme url, HostSourceDirective list, java.util.Optional<URLWithScheme> origin)
(package private) static void
enforceAscii(java.lang.String s)
java.util.Optional<SourceExpressionDirective>
formAction()
java.util.Optional<FrameAncestorsDirective>
frameAncestors()
java.util.Optional<SourceExpressionDirective>
getFetchDirective(FetchDirectiveKind kind)
java.util.Optional<SourceExpressionDirective>
getGoverningDirectiveForEffectiveDirective(FetchDirectiveKind kind)
private static boolean
hostPartMatches(java.lang.String a, java.lang.String b)
java.util.Optional<SourceExpressionDirective>
navigateTo()
private static java.lang.String
normalizeBase64Url(java.lang.String input)
static Policy
parseSerializedCSP(java.lang.String serialized, Policy.PolicyErrorConsumer policyErrorConsumer)
static PolicyList
parseSerializedCSPList(java.lang.String serialized, Policy.PolicyListErrorConsumer policyListErrorConsumer)
private static boolean
pathPartMatches(java.lang.String pathA, java.lang.String pathB)
java.util.Optional<PluginTypesDirective>
pluginTypes()
private static boolean
portPartMatches(int a, int portB, java.lang.String schemeB)
java.util.Optional<FetchDirectiveKind>
prefetchSrc()
java.util.Optional<RFC7230Token>
reportTo()
java.util.Optional<ReportUriDirective>
reportUri()
java.util.Optional<SandboxDirective>
sandbox()
private static boolean
schemePartMatches(java.lang.String a, java.lang.String b)
private static java.lang.String
stripLeadingWhitespace(java.lang.String string)
private static java.lang.String
stripTrailingWhitespace(java.lang.String string)
java.lang.String
toString()
boolean
upgradeInsecureRequests()
-
-
-
Field Detail
-
directives_
private java.util.List<Policy.NamedDirective> directives_
-
baseUri_
private SourceExpressionDirective baseUri_
-
blockAllMixedContent_
private boolean blockAllMixedContent_
-
formAction_
private SourceExpressionDirective formAction_
-
frameAncestors_
private FrameAncestorsDirective frameAncestors_
-
navigateTo_
private SourceExpressionDirective navigateTo_
-
pluginTypes_
private PluginTypesDirective pluginTypes_
-
prefetchSrc_
private FetchDirectiveKind prefetchSrc_
-
reportTo_
private RFC7230Token reportTo_
-
reportUri_
private ReportUriDirective reportUri_
-
sandbox_
private SandboxDirective sandbox_
-
upgradeInsecureRequests_
private boolean upgradeInsecureRequests_
-
fetchDirectives_
private final java.util.EnumMap<FetchDirectiveKind,SourceExpressionDirective> fetchDirectives_
-
-
Method Detail
-
parseSerializedCSPList
public static PolicyList parseSerializedCSPList(java.lang.String serialized, Policy.PolicyListErrorConsumer policyListErrorConsumer)
-
parseSerializedCSP
public static Policy parseSerializedCSP(java.lang.String serialized, Policy.PolicyErrorConsumer policyErrorConsumer)
-
add
private Directive add(java.lang.String name, java.util.List<java.lang.String> values, Directive.DirectiveErrorConsumer directiveErrorConsumer)
-
toString
public java.lang.String toString()
- Overrides:
toString
in classjava.lang.Object
-
baseUri
public java.util.Optional<SourceExpressionDirective> baseUri()
-
blockAllMixedContent
public boolean blockAllMixedContent()
-
formAction
public java.util.Optional<SourceExpressionDirective> formAction()
-
frameAncestors
public java.util.Optional<FrameAncestorsDirective> frameAncestors()
-
navigateTo
public java.util.Optional<SourceExpressionDirective> navigateTo()
-
pluginTypes
public java.util.Optional<PluginTypesDirective> pluginTypes()
-
prefetchSrc
public java.util.Optional<FetchDirectiveKind> prefetchSrc()
-
reportTo
public java.util.Optional<RFC7230Token> reportTo()
-
reportUri
public java.util.Optional<ReportUriDirective> reportUri()
-
sandbox
public java.util.Optional<SandboxDirective> sandbox()
-
upgradeInsecureRequests
public boolean upgradeInsecureRequests()
-
getFetchDirective
public java.util.Optional<SourceExpressionDirective> getFetchDirective(FetchDirectiveKind kind)
-
allowsExternalScript
public boolean allowsExternalScript(java.util.Optional<java.lang.String> nonce, java.util.Optional<java.lang.String> integrity, java.util.Optional<URLWithScheme> scriptUrl, java.util.Optional<java.lang.Boolean> parserInserted, java.util.Optional<URLWithScheme> origin)
-
allowsInlineScript
public boolean allowsInlineScript(java.util.Optional<java.lang.String> nonce, java.util.Optional<java.lang.String> source, java.util.Optional<java.lang.Boolean> parserInserted)
-
allowsScriptAsAttribute
public boolean allowsScriptAsAttribute(java.util.Optional<java.lang.String> source)
-
allowsEval
public boolean allowsEval()
-
allowsNavigation
public boolean allowsNavigation(java.util.Optional<URLWithScheme> to, java.util.Optional<java.lang.Boolean> redirected, java.util.Optional<URLWithScheme> redirectedTo, java.util.Optional<URLWithScheme> origin)
-
allowsFormAction
public boolean allowsFormAction(java.util.Optional<URLWithScheme> to, java.util.Optional<java.lang.Boolean> redirected, java.util.Optional<URLWithScheme> redirectedTo, java.util.Optional<URLWithScheme> origin)
-
allowsJavascriptUrlNavigation
public boolean allowsJavascriptUrlNavigation(java.util.Optional<java.lang.String> source, java.util.Optional<URLWithScheme> origin)
-
allowsExternalStyle
public boolean allowsExternalStyle(java.util.Optional<java.lang.String> nonce, java.util.Optional<URLWithScheme> styleUrl, java.util.Optional<URLWithScheme> origin)
-
allowsInlineStyle
public boolean allowsInlineStyle(java.util.Optional<java.lang.String> nonce, java.util.Optional<java.lang.String> source)
-
allowsStyleAsAttribute
public boolean allowsStyleAsAttribute(java.util.Optional<java.lang.String> source)
-
allowsFrame
public boolean allowsFrame(java.util.Optional<URLWithScheme> source, java.util.Optional<URLWithScheme> origin)
-
allowsFrameAncestor
public boolean allowsFrameAncestor(java.util.Optional<URLWithScheme> source, java.util.Optional<URLWithScheme> origin)
-
allowsConnection
public boolean allowsConnection(java.util.Optional<URLWithScheme> source, java.util.Optional<URLWithScheme> origin)
-
allowsFont
public boolean allowsFont(java.util.Optional<URLWithScheme> source, java.util.Optional<URLWithScheme> origin)
-
allowsImage
public boolean allowsImage(java.util.Optional<URLWithScheme> source, java.util.Optional<URLWithScheme> origin)
-
allowsApplicationManifest
public boolean allowsApplicationManifest(java.util.Optional<URLWithScheme> source, java.util.Optional<URLWithScheme> origin)
-
allowsMedia
public boolean allowsMedia(java.util.Optional<URLWithScheme> source, java.util.Optional<URLWithScheme> origin)
-
allowsObject
public boolean allowsObject(java.util.Optional<URLWithScheme> source, java.util.Optional<URLWithScheme> origin)
-
allowsPrefetch
public boolean allowsPrefetch(java.util.Optional<URLWithScheme> source, java.util.Optional<URLWithScheme> origin)
-
allowsWorker
public boolean allowsWorker(java.util.Optional<URLWithScheme> source, java.util.Optional<URLWithScheme> origin)
-
allowsPlugin
public boolean allowsPlugin(java.util.Optional<MediaType> mediaType)
-
getGoverningDirectiveForEffectiveDirective
public java.util.Optional<SourceExpressionDirective> getGoverningDirectiveForEffectiveDirective(FetchDirectiveKind kind)
-
doesElementMatchSourceListForTypeAndSource
private boolean doesElementMatchSourceListForTypeAndSource(Policy.InlineType type, java.util.Optional<java.lang.String> nonce, java.util.Optional<java.lang.String> source, java.util.Optional<java.lang.Boolean> parserInserted)
-
normalizeBase64Url
private static java.lang.String normalizeBase64Url(java.lang.String input)
-
doesUrlMatchSourceListInOrigin
public static boolean doesUrlMatchSourceListInOrigin(URLWithScheme url, HostSourceDirective list, java.util.Optional<URLWithScheme> origin)
-
schemePartMatches
private static boolean schemePartMatches(java.lang.String a, java.lang.String b)
-
hostPartMatches
private static boolean hostPartMatches(java.lang.String a, java.lang.String b)
-
portPartMatches
private static boolean portPartMatches(int a, int portB, java.lang.String schemeB)
-
pathPartMatches
private static boolean pathPartMatches(java.lang.String pathA, java.lang.String pathB)
-
enforceAscii
static void enforceAscii(java.lang.String s)
-
stripLeadingWhitespace
private static java.lang.String stripLeadingWhitespace(java.lang.String string)
-
stripTrailingWhitespace
private static java.lang.String stripTrailingWhitespace(java.lang.String string)
-
collect
private static java.lang.String collect(java.lang.String input, java.lang.String regex)
-
-