https://github.com/hendrixjoseph/spring-content-security-policy
A Content Security Policy builder and bean to help secure Spring applications.
https://github.com/hendrixjoseph/spring-content-security-policy
content-security-policy hacktoberfest spring spring-boot spring-config spring-security
Last synced: 9 months ago
JSON representation
A Content Security Policy builder and bean to help secure Spring applications.
- Host: GitHub
- URL: https://github.com/hendrixjoseph/spring-content-security-policy
- Owner: hendrixjoseph
- Created: 2023-05-10T18:50:45.000Z (about 3 years ago)
- Default Branch: main
- Last Pushed: 2024-12-12T14:37:34.000Z (over 1 year ago)
- Last Synced: 2025-04-13T20:44:32.764Z (about 1 year ago)
- Topics: content-security-policy, hacktoberfest, spring, spring-boot, spring-config, spring-security
- Language: Java
- Homepage: https://mvnrepository.com/artifact/com.joehxblog/spring-content-security-policy
- Size: 27.3 KB
- Stars: 2
- Watchers: 2
- Forks: 1
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Content Security Policy for Spring
## What is a Content Security Policy?
## How to use
```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import com.joehxblog.spring.csp.ContentSecurityPolicy;
@Configuration
public class Config {
private final ContentSecurityPolicy csp = new ContentSecurityPolicy();
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
return csp.filterChain(http);
}
}
```
Or write your own:
```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import com.joehxblog.spring.csp.ContentSecurityPolicy;
@Configuration
public class Config {
private final ContentSecurityPolicy csp = new ContentSecurityPolicy("default-src 'self'");
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
return csp.filterChain(http);
}
}
```
Or use the builder:
```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import com.joehxblog.spring.csp.ContentSecurityPolicy;
import com.joehxblog.spring.csp.directive.FetchDirective;
import com.joehxblog.spring.csp.value.KeywordValue;
@Configuration
public class Config {
private final ContentSecurityPolicy csp = ContentSecurityPolicy.build()
.add(FetchDirective.DEFAULT_SRC, KeywordValue.SELF)
.build();
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
return csp.filterChain(http);
}
}
```
### Maven Dependency Tag
```xml
com.joehxblog
spring-content-security-policy
6.4.1
```