(struts) 01/01: WW-5401 Improves logging around wrapping request and detecting multipart request
This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a commit to branch feature/WW-5401-logging
in repository https://gitbox.apache.org/repos/asf/struts.git
commit f459981022677b58e65191c5256a16a1cd1114d3
Author: Lukasz Lenart
AuthorDate: Wed Mar 6 08:09:09 2024 +0100
WW-5401 Improves logging around wrapping request and detecting multipart
request
---
.../main/java/org/apache/struts2/dispatcher/Dispatcher.java | 13 ++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/core/src/main/java/org/apache/struts2/dispatcher/Dispatcher.java
b/core/src/main/java/org/apache/struts2/dispatcher/Dispatcher.java
index 70b85e1b7..fadbc1bd9 100644
--- a/core/src/main/java/org/apache/struts2/dispatcher/Dispatcher.java
+++ b/core/src/main/java/org/apache/struts2/dispatcher/Dispatcher.java
@@ -986,10 +986,12 @@ public class Dispatcher {
public HttpServletRequest wrapRequest(HttpServletRequest request) throws
IOException {
// don't wrap more than once
if (request instanceof StrutsRequestWrapper) {
+LOG.debug("Request already wrapped with {}",
StrutsRequestWrapper.class.getSimpleName());
return request;
}
if (isMultipartSupportEnabled(request) && isMultipartRequest(request))
{
+LOG.debug("Wrapping multipart request with: {}",
MultiPartRequestWrapper.class.getSimpleName());
request = new MultiPartRequestWrapper(
getMultiPartRequest(),
request,
@@ -998,6 +1000,7 @@ public class Dispatcher {
disableRequestAttributeValueStackLookup
);
} else {
+LOG.debug("Wrapping request using: {}",
StrutsRequestWrapper.class.getSimpleName());
request = new StrutsRequestWrapper(request,
disableRequestAttributeValueStackLookup);
}
@@ -1012,6 +1015,7 @@ public class Dispatcher {
* @since 2.5.11
*/
protected boolean isMultipartSupportEnabled(HttpServletRequest request) {
+LOG.debug("Support for multipart request is enabled: {}",
multipartSupportEnabled);
return multipartSupportEnabled;
}
@@ -1026,9 +1030,12 @@ public class Dispatcher {
String httpMethod = request.getMethod();
String contentType = request.getContentType();
-return REQUEST_POST_METHOD.equalsIgnoreCase(httpMethod) &&
-contentType != null &&
-
multipartValidationPattern.matcher(contentType.toLowerCase(Locale.ENGLISH)).matches();
+boolean isPostRequest =
REQUEST_POST_METHOD.equalsIgnoreCase(httpMethod);
+boolean isProperContentType = contentType != null &&
multipartValidationPattern.matcher(contentType.toLowerCase(Locale.ENGLISH)).matches();
+
+LOG.debug("Validating if this is proper Multipart request. Request is
POST: {} and ContentType matches pattern ({}): {}",
+isPostRequest, multipartValidationPattern,
isProperContentType);
+return isPostRequest && isProperContentType;
}
/**
(struts) branch feature/WW-5401-logging created (now f45998102)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch feature/WW-5401-logging in repository https://gitbox.apache.org/repos/asf/struts.git at f45998102 WW-5401 Improves logging around wrapping request and detecting multipart request This branch includes the following new commits: new f45998102 WW-5401 Improves logging around wrapping request and detecting multipart request The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
(struts-site) branch asf-staging updated: Updates stage by Jenkins
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-staging in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-staging by this push: new a34cb2a33 Updates stage by Jenkins a34cb2a33 is described below commit a34cb2a3312f44797279690cbd35b447aedf200d Author: jenkins AuthorDate: Wed Mar 6 06:10:43 2024 + Updates stage by Jenkins --- content/core-developers/csp-interceptor.html | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/content/core-developers/csp-interceptor.html b/content/core-developers/csp-interceptor.html index 2b161917b..d088c1512 100644 --- a/content/core-developers/csp-interceptor.html +++ b/content/core-developers/csp-interceptor.html @@ -173,12 +173,15 @@ header is sent and Content-Se CSP is now supported by all major browsers. https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP;>More information about CSP. +The interceptor adds a nonce value automatically to to s:script and s:link tags. This provides a painless way to +implement CSP in a highly secure fashion. + Parameters enforcingMode (default false) - When set to “true”, the enforce mode has been enabled, and the provided policy is going to be enforced. - reportUri - an uri under, which the violations have to be reported. + reportUri - an uri under which the violations will be reported. prependServletContext (default true) - a flag to prepend or not the Servlet context to the reportUri
(struts-site) branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new aa5cf6f82 Automatic Site Publish by Buildbot aa5cf6f82 is described below commit aa5cf6f82ab47078769ce33be8c86ee652e3a63d Author: buildbot AuthorDate: Wed Mar 6 06:08:05 2024 + Automatic Site Publish by Buildbot --- output/core-developers/csp-interceptor.html | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/output/core-developers/csp-interceptor.html b/output/core-developers/csp-interceptor.html index 2b161917b..d088c1512 100644 --- a/output/core-developers/csp-interceptor.html +++ b/output/core-developers/csp-interceptor.html @@ -173,12 +173,15 @@ header is sent and Content-Se CSP is now supported by all major browsers. https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP;>More information about CSP. +The interceptor adds a nonce value automatically to to s:script and s:link tags. This provides a painless way to +implement CSP in a highly secure fashion. + Parameters enforcingMode (default false) - When set to “true”, the enforce mode has been enabled, and the provided policy is going to be enforced. - reportUri - an uri under, which the violations have to be reported. + reportUri - an uri under which the violations will be reported. prependServletContext (default true) - a flag to prepend or not the Servlet context to the reportUri
(struts-site) 01/01: Merge pull request #230 from eschulma/patch-1
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/struts-site.git commit 7c9b33625aeacb10128d39e8a389053e77b058c0 Merge: df112b878 40b9ca3d0 Author: Lukasz Lenart AuthorDate: Wed Mar 6 07:07:33 2024 +0100 Merge pull request #230 from eschulma/patch-1 Update csp-interceptor.md source/core-developers/csp-interceptor.md | 5 - 1 file changed, 4 insertions(+), 1 deletion(-)
(struts-site) branch master updated (df112b878 -> 7c9b33625)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/struts-site.git from df112b878 Add Kusal to comitter list add 40b9ca3d0 Update csp-interceptor.md new 7c9b33625 Merge pull request #230 from eschulma/patch-1 The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: source/core-developers/csp-interceptor.md | 5 - 1 file changed, 4 insertions(+), 1 deletion(-)
