This is an automated email from the ASF dual-hosted git repository.

git-site-role pushed a commit to branch asf-staging
in repository https://gitbox.apache.org/repos/asf/struts-site.git


The following commit(s) were added to refs/heads/asf-staging by this push:
     new cf2040368 Updates stage by Jenkins
cf2040368 is described below

commit cf2040368dd753c9a581cdbb2d11eef89a33cf47
Author: jenkins <bui...@apache.org>
AuthorDate: Mon Nov 28 14:32:13 2022 +0000

    Updates stage by Jenkins
---
 content/core-developers/csp-interceptor.html | 207 +++++++++++++++++++++++++++
 content/core-developers/interceptors.html    |   5 +
 2 files changed, 212 insertions(+)

diff --git a/content/core-developers/csp-interceptor.html 
b/content/core-developers/csp-interceptor.html
new file mode 100644
index 000000000..187c56395
--- /dev/null
+++ b/content/core-developers/csp-interceptor.html
@@ -0,0 +1,207 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8"/>
+  <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
+  <meta name="Date-Revision-yyyymmdd" content="20140918"/>
+  <meta http-equiv="Content-Language" content="en"/>
+  <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
+
+  <title>CSP Interceptor</title>
+
+  <link 
href="//fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,400italic,600italic,700italic"
 rel="stylesheet" type="text/css">
+  <link 
href="//netdna.bootstrapcdn.com/font-awesome/4.0.3/css/font-awesome.css" 
rel="stylesheet">
+  <link href="/css/main.css" rel="stylesheet">
+  <link href="/css/custom.css" rel="stylesheet">
+  <link href="/highlighter/github-theme.css" rel="stylesheet">
+
+  <script src="//code.jquery.com/jquery-1.11.0.min.js"></script>
+  <script type="text/javascript" src="/bootstrap/js/bootstrap.js"></script>
+  <script type="text/javascript" src="/js/community.js"></script>
+</head>
+<body>
+
+<a href="http://github.com/apache/struts"; class="github-ribbon">
+  <img style="position: absolute; right: 0; border: 0;" 
src="https://s3.amazonaws.com/github/ribbons/forkme_right_red_aa0000.png"; 
alt="Fork me on GitHub">
+</a>
+
+<header>
+  <nav>
+    <div role="navigation" class="navbar navbar-default navbar-fixed-top">
+      <div class="container">
+        <div class="navbar-header">
+          <button type="button" data-toggle="collapse" 
data-target="#struts-menu" class="navbar-toggle">
+            Menu
+            <span class="sr-only">Toggle navigation</span>
+            <span class="icon-bar"></span>
+            <span class="icon-bar"></span>
+            <span class="icon-bar"></span>
+          </button>
+          <a href="/index.html" class="navbar-brand logo"><img 
src="/img/struts-logo.svg"></a>
+        </div>
+        <div id="struts-menu" class="navbar-collapse collapse">
+          <ul class="nav navbar-nav">
+            <li class="dropdown">
+              <a data-toggle="dropdown" href="#" class="dropdown-toggle">
+                Home<b class="caret"></b>
+              </a>
+              <ul class="dropdown-menu">
+                <li><a href="/index.html">Welcome</a></li>
+                <li><a href="/download.cgi">Download</a></li>
+                <li><a href="/releases.html">Releases</a></li>
+                <li><a href="/announce-2022.html">Announcements</a></li>
+                <li><a href="http://www.apache.org/licenses/";>License</a></li>
+                <li><a 
href="https://www.apache.org/foundation/thanks.html";>Thanks!</a></li>
+                <li><a 
href="https://www.apache.org/foundation/sponsorship.html";>Sponsorship</a></li>
+                <li><a 
href="https://privacy.apache.org/policies/privacy-policy-public.html";>Privacy 
Policy</a></li>
+              </ul>
+            </li>
+            <li class="dropdown">
+              <a data-toggle="dropdown" href="#" class="dropdown-toggle">
+                Support<b class="caret"></b>
+              </a>
+              <ul class="dropdown-menu">
+                <li><a href="/mail.html">User Mailing List</a></li>
+                <li><a href="https://issues.apache.org/jira/browse/WW";>Issue 
Tracker</a></li>
+                <li><a href="/security.html">Reporting Security Issues</a></li>
+                <li class="divider"></li>
+                <li><a 
href="https://cwiki.apache.org/confluence/display/WW/Migration+Guide";>Version 
Notes</a></li>
+                <li><a 
href="https://cwiki.apache.org/confluence/display/WW/Security+Bulletins";>Security
 Bulletins</a></li>
+                <li class="divider"></li>
+                <li><a href="/maven/project-info.html">Maven Project 
Info</a></li>
+                <li><a href="/maven/struts2-core/dependencies.html">Struts 
Core Dependencies</a></li>
+                <li><a href="/maven/struts2-plugins/modules.html">Plugin 
Dependencies</a></li>
+              </ul>
+            </li>
+            <li class="dropdown">
+              <a data-toggle="dropdown" href="#" class="dropdown-toggle">
+                Documentation<b class="caret"></b>
+              </a>
+              <ul class="dropdown-menu">
+                <li><a href="/birdseye.html">Birds Eye</a></li>
+                <li><a href="/primer.html">Key Technologies</a></li>
+                <li><a href="/kickstart.html">Kickstart FAQ</a></li>
+                <li><a 
href="https://cwiki.apache.org/confluence/display/WW/Home";>Wiki</a></li>
+                <li class="divider"></li>
+                <li><a href="/getting-started/">Getting Started</a></li>
+                <li><a href="/security/">Security Guide</a></li>
+                <li><a href="/core-developers/">Core Developers Guide</a></li>
+                <li><a href="/tag-developers/">Tag Developers Guide</a></li>
+                <li><a href="/maven-archetypes/">Maven Archetypes</a></li>
+                <li><a href="/plugins/">Plugins</a></li>
+                <li><a href="/maven/struts2-core/apidocs/index.html">Struts 
Core API</a></li>
+                <li><a href="/tag-developers/tag-reference.html">Tag 
reference</a></li>
+                <li><a 
href="https://cwiki.apache.org/confluence/display/WW/FAQs";>FAQs</a></li>
+                <li><a 
href="http://cwiki.apache.org/S2PLUGINS/home.html";>Plugin registry</a></li>
+              </ul>
+            </li>
+            <li class="dropdown">
+              <a data-toggle="dropdown" href="#" class="dropdown-toggle">
+                Contributing<b class="caret"></b>
+              </a>
+              <ul class="dropdown-menu">
+                <li><a href="/youatstruts.html">You at Struts</a></li>
+                <li><a href="/helping.html">How to Help FAQ</a></li>
+                <li><a href="/dev-mail.html">Development Lists</a></li>
+                <li class="divider"></li>
+                <li><a href="/submitting-patches.html">Submitting 
patches</a></li>
+                <li><a href="/builds.html">Source Code and Builds</a></li>
+                <li><a href="/coding-standards.html">Coding standards</a></li>
+                <li><a href="/contributors/">Contributors Guide</a></li>
+                <li class="divider"></li>
+                <li><a href="/release-guidelines.html">Release 
Guidelines</a></li>
+                <li><a href="/bylaws.html">PMC Charter</a></li>
+                <li><a href="/volunteers.html">Volunteers</a></li>
+                <li><a 
href="https://gitbox.apache.org/repos/asf?p=struts.git";>Source 
Repository</a></li>
+                <li><a href="/updating-website.html">Updating the 
website</a></li>
+              </ul>
+            </li>
+            <li class="apache"><a href="http://www.apache.org/";><img 
src="/img/apache.png"></a></li>
+          </ul>
+        </div>
+      </div>
+    </div>
+  </nav>
+</header>
+
+
+<article class="container">
+  <section class="col-md-12">
+    <a class="edit-on-gh" 
href="https://github.com/apache/struts-site/edit/master/source/core-developers/csp-interceptor.md";
 title="Edit this page on GitHub">Edit on GitHub</a>
+    
+    <a href="interceptors.html" title="back to Interceptors"><< back to 
Interceptors</a>
+    
+    <h1 id="content-security-policy-interceptor">Content Security Policy 
Interceptor</h1>
+
+<h2 id="description">Description</h2>
+
+<p>Interceptor that implements Content Security Policy on incoming 
requests.</p>
+
+<p>Content Security Policy (CSP) is an added layer of security that helps to 
detect and mitigate certain types of attacks, 
+including Cross-Site Scripting (XSS) and data injection attacks. These attacks 
are used for everything from data theft, 
+to site defacement, to malware distribution.</p>
+
+<p>CSP can work in two modes, either <strong>enforce</strong> or 
<strong>report</strong>. In the report mode the <code class="language-plaintext 
highlighter-rouge">Content-Security-Policy-Report-Only</code>
+header is sent and <code class="language-plaintext 
highlighter-rouge">Content-Security-Policy</code> header is used when using the 
enforce mode.</p>
+
+<p>CSP is now supported by all major browsers.</p>
+
+<p><a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP";>More 
information about CSP</a>.</p>
+
+<h2 id="parameters">Parameters</h2>
+
+<ul>
+  <li><code class="language-plaintext highlighter-rouge">enforcingMode</code> 
(default <code class="language-plaintext highlighter-rouge">false</code>) - 
When set to “true”, the enforce mode has been enabled, and the provided policy 
+is going to be enforced.</li>
+  <li><code class="language-plaintext highlighter-rouge">reportUri</code> - an 
uri under, which the violations have to be reported.</li>
+</ul>
+
+<h2 id="examples">Examples</h2>
+
+<div class="language-xml highlighter-rouge"><div class="highlight"><pre 
class="highlight"><code><span class="nt">&lt;action</span>  <span 
class="na">name=</span><span class="s">"someAction"</span> <span 
class="na">class=</span><span class="s">"com.examples.SomeAction"</span><span 
class="nt">&gt;</span>
+    <span class="nt">&lt;interceptor-ref</span> <span 
class="na">name=</span><span class="s">"defaultStack"</span><span 
class="nt">&gt;</span>
+        <span class="nt">&lt;param</span> <span class="na">name=</span><span 
class="s">"csp.enforcingMode"</span><span class="nt">&gt;</span>true<span 
class="nt">&lt;/param&gt;</span>
+        <span class="nt">&lt;param</span> <span class="na">name=</span><span 
class="s">"csp.reportUri"</span><span 
class="nt">&gt;</span>/csp-report.action<span class="nt">&lt;/param&gt;</span>
+    <span class="nt">&lt;/interceptor-ref&gt;</span>
+    <span class="nt">&lt;result</span> <span class="na">name=</span><span 
class="s">"success"</span><span class="nt">&gt;</span>good_result.ftl<span 
class="nt">&lt;/result&gt;</span>
+<span class="nt">&lt;/action&gt;</span>
+</code></pre></div></div>
+
+  </section>
+</article>
+
+
+<footer class="container">
+  <div class="col-md-12">
+    Copyright &copy; 2000-2022 <a href="https://www.apache.org/";>The Apache 
Software Foundation</a>.
+    Apache Struts, Struts, Apache, the Apache feather logo, and the Apache 
Struts project logos are
+    trademarks of The Apache Software Foundation. All Rights Reserved.
+  </div>
+  <div class="col-md-12">Logo and website design donated by <a 
href="https://softwaremill.com/";>SoftwareMill</a>.</div>
+</footer>
+
+<script>!function (d, s, id) {
+  var js, fjs = d.getElementsByTagName(s)[0];
+  if (!d.getElementById(id)) {
+    js = d.createElement(s);
+    js.id = id;
+    js.src = "//platform.twitter.com/widgets.js";
+    fjs.parentNode.insertBefore(js, fjs);
+  }
+}(document, "script", "twitter-wjs");</script>
+<script src="https://apis.google.com/js/platform.js"; async="async" 
defer="defer"></script>
+
+<div id="fb-root"></div>
+
+<script>(function (d, s, id) {
+  var js, fjs = d.getElementsByTagName(s)[0];
+  if (d.getElementById(id)) return;
+  js = d.createElement(s);
+  js.id = id;
+  js.src = "//connect.facebook.net/en_GB/all.js#xfbml=1";
+  fjs.parentNode.insertBefore(js, fjs);
+}(document, 'script', 'facebook-jssdk'));</script>
+
+
+</body>
+</html>
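Review bot: The `<head>` of the new csp-interceptor.html loads jQuery, Google Fonts and Font Awesome from third-party CDNs through protocol-relative `//` URLs with no `integrity` or `crossorigin` attribute, so the browser runs whatever those hosts return, and fetches it over plain HTTP if the page is ever served that way. Pin the scheme and add SRI, e.g. `<script src="https://code.jquery.com/jquery-1.11.0.min.js" integrity="sha384-<PLACEHOLDER_HASH_OF_PINNED_FILE>" crossorigin="anonymous"></script>`, and do the same for the Font Awesome stylesheet; the Google Fonts CSS is generated per request, so it can only take the `https:` fix or be self-hosted. The two inline loader snippets before `</body>` (the Twitter and Facebook widgets, both also `//`) would have to move to an external file or carry a nonce before this site could itself send the kind of policy the page documents. Since the commit is a Jenkins-built staging update, the change presumably belongs in the shared layout template rather than in this generated output.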
diff --git a/content/core-developers/interceptors.html 
b/content/core-developers/interceptors.html
index 7b9277789..7df0f15e9 100644
--- a/content/core-developers/interceptors.html
+++ b/content/core-developers/interceptors.html
@@ -862,6 +862,11 @@ specified in the <code class="language-plaintext 
highlighter-rouge">&lt;intercep
       <td>clearSession</td>
       <td>This interceptor clears the HttpSession.</td>
     </tr>
+    <tr>
+      <td><a href="csp-interceptor">Content Security Policy 
Interceptor</a></td>
+      <td>csp</td>
+      <td>Adds support for Content Security policy.</td>
+    </tr>
     <tr>
       <td><a href="debugging-interceptor">Debugging Interceptor</a></td>
       <td>debugging</td>
