Class ContentSecurityPolicyConfig
java.lang.Object
io.camunda.security.configuration.headers.ContentSecurityPolicyConfig
Configures Content Security Policy (CSP) to prevent XSS and other content injection attacks.
CSP allows fine-grained control over which resources can be loaded, providing defense-in-depth against Cross-Site Scripting (XSS), clickjacking, and other code injection attacks. When enabled (default state), CSP instructs browsers to only load resources from approved sources.
The default policies are taken from Operate/Tasklist prior to the 8.7 release, aggregated together.
Method Summary
Modifier and Type    Method
boolean              isDisabled()
boolean              isEnabled()
boolean              isReportOnly()
void                 setEnabled(boolean enabled)
void                 setPolicyDirectives(String policyDirectives)
void                 setReportOnly(boolean reportOnly)
Field Details
DEFAULT_SAAS_SECURITY_POLICY
DEFAULT_SM_SECURITY_POLICY
Constructor Details
ContentSecurityPolicyConfig
public ContentSecurityPolicyConfig()
Method Details
isEnabled
public boolean isEnabled()
setEnabled
public void setEnabled(boolean enabled)
isDisabled
public boolean isDisabled()
getPolicyDirectives
setPolicyDirectives
isReportOnly
public boolean isReportOnly()
setReportOnly
public void setReportOnly(boolean reportOnly)