Grégoire Aubert
3 weeks ago
3 changed files with 5 additions and 2 deletions
+ 1
- 0
server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/SamlValidationCspHeaders.java
View File
| @@ -37,6 +37,7 @@ public class SamlValidationCspHeaders { | |||
| "default-src 'self'", | |||
| "base-uri 'none'", | |||
| "connect-src 'self' http: https:", | |||
| "font-src 'self' data:;" + | |||
| "img-src * data: blob:", | |||
| "object-src 'none'", | |||
| "script-src 'nonce-" + nonce + "'", | |||
+ 3
- 2
server/sonar-webserver/src/main/java/org/sonar/server/platform/web/CspFilter.java
View File
| @@ -31,7 +31,7 @@ import javax.servlet.ServletResponse; | |||
| import javax.servlet.http.HttpServletResponse; | |||
| public class CspFilter implements Filter { | |||
| private final List<String> cspHeaders = new ArrayList<>(); | |||
| private String policies = null; | |||
| @@ -40,11 +40,12 @@ public class CspFilter implements Filter { | |||
| cspHeaders.add("Content-Security-Policy"); | |||
| cspHeaders.add("X-Content-Security-Policy"); | |||
| cspHeaders.add("X-WebKit-CSP"); | |||
| List<String> cspPolicies = new ArrayList<>(); | |||
| cspPolicies.add("default-src 'self'"); | |||
| cspPolicies.add("base-uri 'none'"); | |||
| cspPolicies.add("connect-src 'self' http: https:"); | |||
| cspPolicies.add("font-src 'self' data:"); | |||
| cspPolicies.add("img-src * data: blob:"); | |||
| cspPolicies.add("object-src 'none'"); | |||
| cspPolicies.add("script-src 'self'"); | |||
+ 1
- 0
server/sonar-webserver/src/test/java/org/sonar/server/platform/web/CspFilterTest.java
View File
| @@ -39,6 +39,7 @@ public class CspFilterTest { | |||
| private static final String EXPECTED = "default-src 'self'; " + | |||
| "base-uri 'none'; " + | |||
| "connect-src 'self' http: https:; " + | |||
| "font-src 'self' data:; " + | |||
| "img-src * data: blob:; " + | |||
| "object-src 'none'; " + | |||
| "script-src 'self'; " + | |||
Loading…