Re: [PR] WW-5400 Extend default configuration options for the CSP interceptor. [struts]

Thu, 11 Apr 2024 22:34:55 -0700 


lukaszlenart commented on code in PR #913:
URL: https://github.com/apache/struts/pull/913#discussion_r1562033229


##########
core/src/main/java/org/apache/struts2/interceptor/csp/CspInterceptor.java:
##########
@@ -124,4 +153,11 @@ public void setPrependServletContext(boolean 
prependServletContext) {
         this.prependServletContext = prependServletContext;
     }
 
-}
+    /**
+     * Sets the class name of the default {@link CspSettings} implementation 
to use when the action does not
+     * set its own values. If not set, the default is {@link 
DefaultCspSettings}.
+     */
+    public void setDefaultCspSettingsClassName(String 
defaultCspSettingsClassName) {
+        this.defaultCspSettingsClassName = defaultCspSettingsClassName;
+    }

Review Comment:
   You can use Struts inject mechanism instead of using raw class and creating 
the instance by yourself. It's all about defining a `<bean 
name="customCspSettings" class="..."/>` and then annotating the setter with 
`@Inject("customCspSettings")`.
   
   I assume you never played with Struts @Inject, so let's leave it as is and I 
will change that in the next PR.



##########
core/src/main/java/org/apache/struts2/interceptor/csp/CspInterceptor.java:
##########
@@ -124,4 +153,11 @@ public void setPrependServletContext(boolean 
prependServletContext) {
         this.prependServletContext = prependServletContext;
     }
 
-}
+    /**
+     * Sets the class name of the default {@link CspSettings} implementation 
to use when the action does not
+     * set its own values. If not set, the default is {@link 
DefaultCspSettings}.
+     */

Review Comment:
   Please add `@since Struts 6.5.0` 
[annotation](https://www.oracle.com/pl/technical-resources/articles/java/javadoc-tool.html#@since)



##########
core/src/main/java/org/apache/struts2/interceptor/csp/CspSettings.java:
##########
@@ -56,6 +57,11 @@ public interface CspSettings {
      */
     void setReportUri(String uri);
 
+    /**
+     * Sets the report group where csp violation reports will be sent
+     */

Review Comment:
   Could you add [@since Struts 
6.5.0](https://www.oracle.com/pl/technical-resources/articles/java/javadoc-tool.html#@since)?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to