This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git
The following commit(s) were added to refs/heads/asf-site by this push:
new 45bf58034 Automatic Site Publish by Buildbot
45bf58034 is described below
commit 45bf580340437d43fd5bdba618a2a3008d5da69f
Author: buildbot <us...@infra.apache.org>
AuthorDate: Wed Nov 30 08:28:56 2022 +0000
Automatic Site Publish by Buildbot
---
output/core-developers/csp-interceptor.html | 207 ++++++++++++++++++++++++++++
output/core-developers/interceptors.html | 9 +-
2 files changed, 214 insertions(+), 2 deletions(-)
diff --git a/output/core-developers/csp-interceptor.html b/output/core-developers/csp-interceptor.html
new file mode 100644
index 000000000..187c56395
--- /dev/null
+++ b/output/core-developers/csp-interceptor.html
@@ -0,0 +1,207 @@ +<!DOCTYPE html> +<html lang="en"> +<head> + <meta charset="UTF-8"/> + <meta name="viewport" content="width=device-width, initial-scale=1.0"/> + <meta name="Date-Revision-yyyymmdd" content="20140918"/> + <meta http-equiv="Content-Language" content="en"/> + <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> + + <title>CSP Interceptor</title> + + <link href="//fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,400italic,600italic,700italic" rel="stylesheet" type="text/css"> + <link href="//netdna.bootstrapcdn.com/font-awesome/4.0.3/css/font-awesome.css" rel="stylesheet"> + <link href="/css/main.css" rel="stylesheet"> + <link href="/css/custom.css" rel="stylesheet"> + <link href="/highlighter/github-theme.css" rel="stylesheet"> + + <script src="//code.jquery.com/jquery-1.11.0.min.js"></script> + <script type="text/javascript" src="/bootstrap/js/bootstrap.js"></script> + <script type="text/javascript" src="/js/community.js"></script> +</head> +<body> + +<a href="http://github.com/apache/struts" class="github-ribbon"> + <img style="position: absolute; right: 0; border: 0;" src="https://s3.amazonaws.com/github/ribbons/forkme_right_red_aa0000.png" alt="Fork me on GitHub"> +</a> + +<header> + <nav> + <div role="navigation" class="navbar navbar-default navbar-fixed-top"> + <div class="container"> + <div class="navbar-header"> + <button type="button" data-toggle="collapse" data-target="#struts-menu" class="navbar-toggle"> + Menu + <span class="sr-only">Toggle navigation</span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + </button> + <a href="/index.html" class="navbar-brand logo"><img src="/img/struts-logo.svg"></a> + </div> + <div id="struts-menu" class="navbar-collapse collapse"> + <ul class="nav navbar-nav"> + <li class="dropdown"> + <a data-toggle="dropdown" href="#" class="dropdown-toggle"> + Home<b class="caret"></b> + </a> + <ul class="dropdown-menu"> + <li><a 
href="/index.html">Welcome</a></li> + <li><a href="/download.cgi">Download</a></li> + <li><a href="/releases.html">Releases</a></li> + <li><a href="/announce-2022.html">Announcements</a></li> + <li><a href="http://www.apache.org/licenses/">License</a></li> + <li><a href="https://www.apache.org/foundation/thanks.html">Thanks!</a></li> + <li><a href="https://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li> + <li><a href="https://privacy.apache.org/policies/privacy-policy-public.html">Privacy Policy</a></li> + </ul> + </li> + <li class="dropdown"> + <a data-toggle="dropdown" href="#" class="dropdown-toggle"> + Support<b class="caret"></b> + </a> + <ul class="dropdown-menu"> + <li><a href="/mail.html">User Mailing List</a></li> + <li><a href="https://issues.apache.org/jira/browse/WW">Issue Tracker</a></li> + <li><a href="/security.html">Reporting Security Issues</a></li> + <li class="divider"></li> + <li><a href="https://cwiki.apache.org/confluence/display/WW/Migration+Guide">Version Notes</a></li> + <li><a href="https://cwiki.apache.org/confluence/display/WW/Security+Bulletins">Security Bulletins</a></li> + <li class="divider"></li> + <li><a href="/maven/project-info.html">Maven Project Info</a></li> + <li><a href="/maven/struts2-core/dependencies.html">Struts Core Dependencies</a></li> + <li><a href="/maven/struts2-plugins/modules.html">Plugin Dependencies</a></li> + </ul> + </li> + <li class="dropdown"> + <a data-toggle="dropdown" href="#" class="dropdown-toggle"> + Documentation<b class="caret"></b> + </a> + <ul class="dropdown-menu"> + <li><a href="/birdseye.html">Birds Eye</a></li> + <li><a href="/primer.html">Key Technologies</a></li> + <li><a href="/kickstart.html">Kickstart FAQ</a></li> + <li><a href="https://cwiki.apache.org/confluence/display/WW/Home">Wiki</a></li> + <li class="divider"></li> + <li><a href="/getting-started/">Getting Started</a></li> + <li><a href="/security/">Security Guide</a></li> + <li><a href="/core-developers/">Core 
Developers Guide</a></li> + <li><a href="/tag-developers/">Tag Developers Guide</a></li> + <li><a href="/maven-archetypes/">Maven Archetypes</a></li> + <li><a href="/plugins/">Plugins</a></li> + <li><a href="/maven/struts2-core/apidocs/index.html">Struts Core API</a></li> + <li><a href="/tag-developers/tag-reference.html">Tag reference</a></li> + <li><a href="https://cwiki.apache.org/confluence/display/WW/FAQs">FAQs</a></li> + <li><a href="http://cwiki.apache.org/S2PLUGINS/home.html">Plugin registry</a></li> + </ul> + </li> + <li class="dropdown"> + <a data-toggle="dropdown" href="#" class="dropdown-toggle"> + Contributing<b class="caret"></b> + </a> + <ul class="dropdown-menu"> + <li><a href="/youatstruts.html">You at Struts</a></li> + <li><a href="/helping.html">How to Help FAQ</a></li> + <li><a href="/dev-mail.html">Development Lists</a></li> + <li class="divider"></li> + <li><a href="/submitting-patches.html">Submitting patches</a></li> + <li><a href="/builds.html">Source Code and Builds</a></li> + <li><a href="/coding-standards.html">Coding standards</a></li> + <li><a href="/contributors/">Contributors Guide</a></li> + <li class="divider"></li> + <li><a href="/release-guidelines.html">Release Guidelines</a></li> + <li><a href="/bylaws.html">PMC Charter</a></li> + <li><a href="/volunteers.html">Volunteers</a></li> + <li><a href="https://gitbox.apache.org/repos/asf?p=struts.git">Source Repository</a></li> + <li><a href="/updating-website.html">Updating the website</a></li> + </ul> + </li> + <li class="apache"><a href="http://www.apache.org/"><img src="/img/apache.png"></a></li> + </ul> + </div> + </div> + </div> + </nav> +</header> + + +<article class="container"> + <section class="col-md-12"> + <a class="edit-on-gh" href="https://github.com/apache/struts-site/edit/master/source/core-developers/csp-interceptor.md" title="Edit this page on GitHub">Edit on GitHub</a> + + <a href="interceptors.html" title="back to Interceptors"><< back to Interceptors</a> + + <h1 
id="content-security-policy-interceptor">Content Security Policy Interceptor</h1> + +<h2 id="description">Description</h2> + +<p>Interceptor that implements Content Security Policy on incoming requests.</p> + +<p>Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, +including Cross-Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft, +to site defacement, to malware distribution.</p> + +<p>CSP can work in two modes, either <strong>enforce</strong> or <strong>report</strong>. In the report mode the <code class="language-plaintext highlighter-rouge">Content-Security-Policy-Report-Only</code> +header is sent and <code class="language-plaintext highlighter-rouge">Content-Security-Policy</code> header is used when using the enforce mode.</p> + +<p>CSP is now supported by all major browsers.</p> + +<p><a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP">More information about CSP</a>.</p> + +<h2 id="parameters">Parameters</h2> + +<ul> + <li><code class="language-plaintext highlighter-rouge">enforcingMode</code> (default <code class="language-plaintext highlighter-rouge">false</code>) - When set to “true”, the enforce mode has been enabled, and the provided policy +is going to be enforced.</li> + <li><code class="language-plaintext highlighter-rouge">reportUri</code> - an uri under, which the violations have to be reported.</li> +</ul> + +<h2 id="examples">Examples</h2> + +<div class="language-xml highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nt"><action</span> <span class="na">name=</span><span class="s">"someAction"</span> <span class="na">class=</span><span class="s">"com.examples.SomeAction"</span><span class="nt">></span> + <span class="nt"><interceptor-ref</span> <span class="na">name=</span><span class="s">"defaultStack"</span><span class="nt">></span> + <span class="nt"><param</span> <span 
class="na">name=</span><span class="s">"csp.enforcingMode"</span><span class="nt">></span>true<span class="nt"></param></span> + <span class="nt"><param</span> <span class="na">name=</span><span class="s">"csp.reportUri"</span><span class="nt">></span>/csp-report.action<span class="nt"></param></span> + <span class="nt"></interceptor-ref></span> + <span class="nt"><result</span> <span class="na">name=</span><span class="s">"success"</span><span class="nt">></span>good_result.ftl<span class="nt"></result></span> +<span class="nt"></action></span> +</code></pre></div></div> + + </section> +</article> + + +<footer class="container"> + <div class="col-md-12"> + Copyright © 2000-2022 <a href="https://www.apache.org/">The Apache Software Foundation</a>. + Apache Struts, Struts, Apache, the Apache feather logo, and the Apache Struts project logos are + trademarks of The Apache Software Foundation. All Rights Reserved. + </div> + <div class="col-md-12">Logo and website design donated by <a href="https://softwaremill.com/">SoftwareMill</a>.</div> +</footer> + +<script>!function (d, s, id) { + var js, fjs = d.getElementsByTagName(s)[0]; + if (!d.getElementById(id)) { + js = d.createElement(s); + js.id = id; + js.src = "//platform.twitter.com/widgets.js"; + fjs.parentNode.insertBefore(js, fjs); + } +}(document, "script", "twitter-wjs");</script> +<script src="https://apis.google.com/js/platform.js" async="async" defer="defer"></script> + +<div id="fb-root"></div> + +<script>(function (d, s, id) { + var js, fjs = d.getElementsByTagName(s)[0]; + if (d.getElementById(id)) return; + js = d.createElement(s); + js.id = id; + js.src = "//connect.facebook.net/en_GB/all.js#xfbml=1"; + fjs.parentNode.insertBefore(js, fjs); +}(document, 'script', 'facebook-jssdk'));</script> + + +</body> +</html> diff --git a/output/core-developers/interceptors.html b/output/core-developers/interceptors.html index 7b9277789..7c2c9ed2d 100644 --- a/output/core-developers/interceptors.html 
+++ b/output/core-developers/interceptors.html @@ -828,7 +828,7 @@ specified in the <code class="language-plaintext highlighter-rouge"><intercep <td>Adds automatic checkbox handling code that detect an unchecked checkbox and add it as a parameter with a default (usually ‘false’) value. Uses a specially named hidden field to detect unsubmitted checkboxes. The default unchecked value is overridable for non-boolean value’d checkboxes.</td> </tr> <tr> - <td><a href="coep-interceptor">COEP Interceptor</a></td> + <td><a href="coep-interceptor">Cross-Origin Embedder Policy Interceptor</a></td> <td>coep</td> <td>Implements the Cross-Origin Embedder Policy on incoming requests used to protect a document from loading any non-same-origin resources which don’t explicitly grant the document permission to be loaded.</td> </tr> @@ -848,7 +848,7 @@ specified in the <code class="language-plaintext highlighter-rouge"><intercep <td>Transfer cookies from action to response (Since 2.3.15.)</td> </tr> <tr> - <td><a href="coop-interceptor">COOP Interceptor</a></td> + <td><a href="coop-interceptor">Cross-Origin Opener Policy Interceptor</a></td> <td>coop</td> <td>Implements the Cross-Origin Opener Policy on incoming requests used to isolate resources against side-channel attacks and information leaks.</td> </tr> @@ -862,6 +862,11 @@ specified in the <code class="language-plaintext highlighter-rouge"><intercep <td>clearSession</td> <td>This interceptor clears the HttpSession.</td> </tr> + <tr> + <td><a href="csp-interceptor">Content Security Policy Interceptor</a></td> + <td>csp</td> + <td>Adds support for Content Security policy.</td> + </tr> <tr> <td><a href="debugging-interceptor">Debugging Interceptor</a></td> <td>debugging</td>