This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch feature/csp-aware in repository https://gitbox.apache.org/repos/asf/struts-site.git
commit 596d1ffede3c12de1684604e4b0575d29259a452 Author: Lukasz Lenart <lukaszlen...@apache.org> AuthorDate: Tue Jul 18 09:12:19 2023 +0200 Adds info how to use CspSettingAware interface --- source/core-developers/csp-interceptor.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/source/core-developers/csp-interceptor.md b/source/core-developers/csp-interceptor.md index b29584d4b..d112683cb 100644 --- a/source/core-developers/csp-interceptor.md +++ b/source/core-developers/csp-interceptor.md @@ -7,6 +7,10 @@ parent: --- # Content Security Policy Interceptor +{:.no_toc} + +* Will be replaced with the ToC, excluding a header +{:toc} ## Description @@ -27,6 +31,24 @@ CSP is now supported by all major browsers. [More information about CSP](https:/ is going to be enforced. - `reportUri` - an uri under, which the violations have to be reported. +## Action aware + +Since Struts 6.2.0 it is possible to configure the CSP interceptor by providing the an instance of `CspSettings` interface. +Please use `CspSettingsAware` interface and implement the `getCspSettings()` method to steer the policy per action. + +```java +public class MyAction implements CspSettingsAware { + + public String execute() { + return "success"; + } + + public CspSetting getCspSettings() { + ... + } +} +``` + ## Examples ```xml
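Review bot: In the Java sample of the "Action aware" hunk, `getCspSettings()` is declared as `public CspSetting getCspSettings()`, but the paragraph above it names the interface `CspSettings`. The two spellings should agree, otherwise readers who copy the sample get a type name that does not match the text. The same paragraph has a doubled article in "by providing the an instance of `CspSettings` interface", which should read "by providing an instance of the `CspSettings` interface". The method body is only `...`, so the page never shows what a per-action policy looks like. Replacing it with a minimal returned settings object, or a sentence saying what the returned object controls, would make the section usable on its own. The commit subject also says `CspSettingAware` while the added text uses `CspSettingsAware`; it is worth confirming which spelling is intended before merging.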