(struts) 01/01: WW-5369 Re-define minimal library set
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch fix/WW-5369-min-lib in repository https://gitbox.apache.org/repos/asf/struts.git commit 72f551f40baa7c96b614b6e9f2c6ce92dd7b103e Author: Lukasz Lenart AuthorDate: Thu Jan 18 06:48:12 2024 +0100 WW-5369 Re-define minimal library set --- assembly/src/main/assembly/min-lib.xml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/assembly/src/main/assembly/min-lib.xml b/assembly/src/main/assembly/min-lib.xml index 3cae96356..a88b175fd 100644 --- a/assembly/src/main/assembly/min-lib.xml +++ b/assembly/src/main/assembly/min-lib.xml @@ -41,6 +41,8 @@ ognl:ognl commons-fileupload:commons-fileupload org.apache.commons:commons-io +com.github.ben-manes.caffeine:caffeine +org.javassist:javassist
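Review bot: the two includes added after org.apache.commons:commons-io in min-lib.xml (com.github.ben-manes.caffeine:caffeine and org.javassist:javassist) carry no explanation, in the commit message or as a comment in the assembly descriptor, of which component needs them at runtime. Because this file defines the minimal library set, state why each artifact is required so that a later dependency audit can tell whether it still belongs there.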
(struts) branch fix/WW-5369-min-lib created (now 72f551f40)
This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a change to branch fix/WW-5369-min-lib
in repository https://gitbox.apache.org/repos/asf/struts.git
      at 72f551f40 WW-5369 Re-define minimal library set
This branch includes the following new commits:
     new 72f551f40 WW-5369 Re-define minimal library set
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
(struts) branch feature/no-work-log deleted (was a66c97c86)
This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a change to branch feature/no-work-log
in repository https://gitbox.apache.org/repos/asf/struts.git
     was a66c97c86 Stop polluting JIRA tickets
The revisions that were on this branch are still contained in
other references; therefore, this change does not discard any commits
from the repository.
(struts) 01/01: Stop polluting JIRA tickets
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch feature/no-work-log in repository https://gitbox.apache.org/repos/asf/struts.git commit a66c97c86ec162fe34d1eadeadcaf1b77f4fdd51 Author: Lukasz Lenart AuthorDate: Wed Jan 17 13:38:50 2024 +0100 Stop polluting JIRA tickets --- .asf.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.asf.yaml b/.asf.yaml index 673c6e25c..dea378b87 100644 --- a/.asf.yaml +++ b/.asf.yaml @@ -8,7 +8,7 @@ notifications: # Send individual PR comments/reviews to issues@ pullrequests_comment: notificati...@struts.apache.org # Link opened PRs with JIRA - jira_options: link label worklog + jira_options: link label github: del_branch_on_merge: true
(struts) branch feature/no-work-log created (now a66c97c86)
This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a change to branch feature/no-work-log
in repository https://gitbox.apache.org/repos/asf/struts.git
      at a66c97c86 Stop polluting JIRA tickets
This branch includes the following new commits:
     new a66c97c86 Stop polluting JIRA tickets
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
(struts-site) branch asf-staging updated: Updates stage by Jenkins
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-staging in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-staging by this push: new cfa365566 Updates stage by Jenkins cfa365566 is described below commit cfa365566dc50ce230eb32618ff15281c9af3544 Author: jenkins AuthorDate: Wed Jan 17 12:35:32 2024 + Updates stage by Jenkins --- content/core-developers/csp-interceptor.html | 1 + 1 file changed, 1 insertion(+) diff --git a/content/core-developers/csp-interceptor.html b/content/core-developers/csp-interceptor.html index 69a8a4684..2b161917b 100644 --- a/content/core-developers/csp-interceptor.html +++ b/content/core-developers/csp-interceptor.html @@ -179,6 +179,7 @@ header is sent and Content-Se enforcingMode (default false) - When set to “true”, the enforce mode has been enabled, and the provided policy is going to be enforced. reportUri - an uri under, which the violations have to be reported. + prependServletContext (default true) - a flag to prepend or not the Servlet context to the reportUri Report action
(struts-site) branch feature/WW-5374-context created (now 67a554a39)
This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a change to branch feature/WW-5374-context
in repository https://gitbox.apache.org/repos/asf/struts-site.git
      at 67a554a39 WW-5374 Documents prependServletContext flag
This branch includes the following new commits:
     new 67a554a39 WW-5374 Documents prependServletContext flag
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
(struts-site) 01/01: WW-5374 Documents prependServletContext flag
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch feature/WW-5374-context in repository https://gitbox.apache.org/repos/asf/struts-site.git commit 67a554a393de2c7f7bd6e8bd1aaf1d07e148abb0 Author: Lukasz Lenart AuthorDate: Wed Jan 17 13:26:59 2024 +0100 WW-5374 Documents prependServletContext flag --- source/core-developers/csp-interceptor.md | 1 + 1 file changed, 1 insertion(+) diff --git a/source/core-developers/csp-interceptor.md b/source/core-developers/csp-interceptor.md index 23175651f..83b99f382 100644 --- a/source/core-developers/csp-interceptor.md +++ b/source/core-developers/csp-interceptor.md @@ -30,6 +30,7 @@ CSP is now supported by all major browsers. [More information about CSP](https:/ - `enforcingMode` (default `false`) - When set to "true", the enforce mode has been enabled, and the provided policy is going to be enforced. - `reportUri` - an uri under, which the violations have to be reported. +- `prependServletContext` (default `true`) - a flag to prepend or not the Servlet context to the `reportUri` ## Report action
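Review bot: the added prependServletContext bullet in csp-interceptor.md gives the default (true) but not what that default means for a configuration whose reportUri already contains the context path, which would then have it prepended a second time. Suggest saying that such configurations should set the flag to false, and rewording "a flag to prepend or not the Servlet context to the reportUri" to "whether the Servlet context path is prepended to the reportUri".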
(struts) branch fix/WW-5387-remove deleted (was e9738698a)
This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a change to branch fix/WW-5387-remove
in repository https://gitbox.apache.org/repos/asf/struts.git
     was e9738698a WW-5387 Fixes remove() signature
The revisions that were on this branch are still contained in
other references; therefore, this change does not discard any commits
from the repository.
(struts) branch master updated (d0ac76b9a -> fdd996c68)
This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/struts.git
    from d0ac76b9a Merge pull request #820 from apache/dependabot/maven/org.apache.commons-commons-compress-1.25.0
     add e9738698a WW-5387 Fixes remove() signature
     add fdd996c68 Merge pull request #844 from apache/fix/WW-5387-remove
No new revisions were added by this update.
Summary of changes:
 .../main/java/org/apache/struts2/dispatcher/ApplicationMap.java | 9 +++--
 core/src/main/java/org/apache/struts2/dispatcher/RequestMap.java | 9 +++--
 .../java/org/apache/struts2/portlet/PortletApplicationMap.java | 9 +++--
 3 files changed, 21 insertions(+), 6 deletions(-)
(struts) 01/01: WW-5374 Allows to prepend reportUri with Servlet context
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch fix/WW-5374-context in repository https://gitbox.apache.org/repos/asf/struts.git commit dc96c257d4198f1b255728f878c48840de13a3f4 Author: Lukasz Lenart AuthorDate: Wed Jan 17 13:22:09 2024 +0100 WW-5374 Allows to prepend reportUri with Servlet context --- .../struts2/interceptor/csp/CspInterceptor.java| 42 -- .../struts2/interceptor/CspInterceptorTest.java| 37 +-- 2 files changed, 57 insertions(+), 22 deletions(-) diff --git a/core/src/main/java/org/apache/struts2/interceptor/csp/CspInterceptor.java b/core/src/main/java/org/apache/struts2/interceptor/csp/CspInterceptor.java index 8e4356646..aca583a32 100644 --- a/core/src/main/java/org/apache/struts2/interceptor/csp/CspInterceptor.java +++ b/core/src/main/java/org/apache/struts2/interceptor/csp/CspInterceptor.java @@ -43,7 +43,8 @@ public final class CspInterceptor extends AbstractInterceptor { private static final Logger LOG = LogManager.getLogger(CspInterceptor.class); -private Boolean enforcingMode; +private boolean prependServletContext = true; +private boolean enforcingMode; private String reportUri; @Override 
@@ -60,17 +61,22 @@ public final class CspInterceptor extends AbstractInterceptor { } private void applySettings(ActionInvocation invocation, CspSettings cspSettings) { -if (enforcingMode != null) { -LOG.trace("Applying: {} to enforcingMode", enforcingMode); -cspSettings.setEnforcingMode(enforcingMode); -} +HttpServletRequest request = invocation.getInvocationContext().getServletRequest(); +HttpServletResponse response = invocation.getInvocationContext().getServletResponse(); + +LOG.trace("Applying: {} to enforcingMode", enforcingMode); +cspSettings.setEnforcingMode(enforcingMode); + if (reportUri != null) { LOG.trace("Applying: {} to reportUri", reportUri); -cspSettings.setReportUri(reportUri); -} +String finalReportUri = reportUri; -HttpServletRequest request = invocation.getInvocationContext().getServletRequest(); -HttpServletResponse response = invocation.getInvocationContext().getServletResponse(); +if (prependServletContext && (request.getContextPath() != null) && (!request.getContextPath().isEmpty())) { +finalReportUri = request.getContextPath() + finalReportUri; +} + +cspSettings.setReportUri(finalReportUri); +} invocation.addPreResultListener((actionInvocation, resultCode) -> { LOG.trace("Applying CSP header: {} to the request", cspSettings); 
@@ -99,8 +105,22 @@ public final class CspInterceptor extends AbstractInterceptor { } } -public void setEnforcingMode(String value) { -this.enforcingMode = Boolean.parseBoolean(value); +/** + * Enables enforcing mode, by default all exceptions are only reported + * + * @param enforcingMode true to enable enforcing mode, false to keep reporting mode. + */ +public void setEnforcingMode(boolean enforcingMode) { +this.enforcingMode = enforcingMode; +} + +/** + * Sets whether to prepend the servlet context path to the {@link #reportUri}. + * + * @param prependServletContext true to prepend the location with the servlet context path, false otherwise. + */ +public void setPrependServletContext(boolean prependServletContext) { +this.prependServletContext = prependServletContext; } } diff --git a/core/src/test/java/org/apache/struts2/interceptor/CspInterceptorTest.java b/core/src/test/java/org/apache/struts2/interceptor/CspInterceptorTest.java index 2811b289f..38ef25b82 100644 --- a/core/src/test/java/org/apache/struts2/interceptor/CspInterceptorTest.java +++ b/core/src/test/java/org/apache/struts2/interceptor/CspInterceptorTest.java @@ -22,6 +22,7 @@ import com.opensymphony.xwork2.ActionContext; import com.opensymphony.xwork2.mock.MockActionInvocation; import org.apache.logging.log4j.util.Strings; import org.apache.struts2.StrutsInternalTestCase; +import org.apache.struts2.TestAction; import org.apache.struts2.action.CspSettingsAware; import org.apache.struts2.dispatcher.SessionMap; import org.apache.struts2.interceptor.csp.CspInterceptor; @@ -45,7 +46,7 @@ public class CspInterceptorTest extends StrutsInternalTestCase { public void test_whenRequestReceived_thenNonceIsSetInSession_andCspHeaderContainsIt() throws Exception { String reportUri = "/barfoo"; -String reporting = "false"; +boolean reporting = false; interceptor.setReportUri(reportUri); interceptor.setEnforcingMode(reporting); 
@@ -58,7 +59,7 @@ public class CspInterceptorTest extends StrutsInternalTestCase { public void
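Review bot: in the first CspInterceptor.java hunk (@@ -43,7 +43,8 @@), "private boolean prependServletContext = true;" makes prepending the default, so an application deployed under a non-empty context path that configured reportUri before this change will emit a different report URI after upgrading without touching its configuration. Either default the flag to false so existing setups keep their current header, or call out the behaviour change in the commit message and release notes.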
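Review bot: in the applySettings hunk (@@ -60,17 +61,22 @@), dropping the "if (enforcingMode != null)" guard means cspSettings.setEnforcingMode(enforcingMode) now always runs, so when the interceptor parameter is not configured the primitive field's default of false overwrites whatever enforcing mode the passed-in cspSettings already carried, which can silently turn an enforced policy into report-only. Keep a way to tell "not configured" from "false" (for example the previous nullable field) and only apply the value when it was set. In the same hunk, "finalReportUri = request.getContextPath() + finalReportUri;" concatenates without checking that reportUri is a path beginning with "/"; a check or a test for that case would make the intended input explicit, and request.getContextPath() can be read once into a local instead of three times.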
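Review bot: in the setter hunk (@@ -99,8 +105,22 @@), replacing setEnforcingMode(String) with setEnforcingMode(boolean) changes the public signature of the interceptor, and any code that called the String variant directly stops compiling, as the accompanying test change from String reporting = "false" to boolean reporting = false shows. Consider keeping the String overload as a deprecated delegate, or note the API change in the commit message. The new Javadoc also says "by default all exceptions are only reported"; "violations" would match the wording used for reportUri in the documentation.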
(struts) branch fix/WW-5374-context created (now dc96c257d)
This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a change to branch fix/WW-5374-context
in repository https://gitbox.apache.org/repos/asf/struts.git
      at dc96c257d WW-5374 Allows to prepend reportUri with Servlet context
This branch includes the following new commits:
     new dc96c257d WW-5374 Allows to prepend reportUri with Servlet context
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.