This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch feature/WW-5400-csp in repository https://gitbox.apache.org/repos/asf/struts-site.git
commit 1e2496bc5a7abfe0c2f97d4dc23cc6da63bfe288 Author: Lukasz Lenart <lukaszlen...@apache.org> AuthorDate: Mon Jun 10 07:10:29 2024 +0200 WW-5400 Documents how to use cspSettingsClassName parameter --- source/core-developers/csp-interceptor.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/source/core-developers/csp-interceptor.md b/source/core-developers/csp-interceptor.md index 2f03623f9..8bd3049ed 100644 --- a/source/core-developers/csp-interceptor.md +++ b/source/core-developers/csp-interceptor.md @@ -25,7 +25,7 @@ header is sent and `Content-Security-Policy` header is used when using the enfor CSP is now supported by all major browsers. [More information about CSP](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP). -The interceptor adds a nonce value automatically to to `<s:script>` and `<s:link>` tags. This provides a painless way to +The interceptor adds a nonce value automatically to `<s:script>` and `<s:link>` tags. This provides a painless way to implement CSP in a highly secure fashion. ## Parameters @@ -33,7 +33,9 @@ implement CSP in a highly secure fashion. - `enforcingMode` (default `false`) - When set to "true", the enforce mode has been enabled, and the provided policy is going to be enforced. - `reportUri` - an uri under which the violations will be reported. -- `prependServletContext` (default `true`) - a flag to prepend or not the Servlet context to the `reportUri` +- `prependServletContext` (default `true`) - a flag to prepend or not the Servlet context to the `reportUri` +- `cspSettingsClassName` (default to `DefaultCspSettings.class`) - a class name implementing `CspSettings` interface + to allow to define a custom CPS settings. It's alternative approach of using [CspAware](#Action_aware) interface below. ## Report action
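Review bot: In the second hunk, the new `cspSettingsClassName` bullet gives the default as `DefaultCspSettings.class`, which reads as a Java class literal, while the parameter is described as a class name. State the form the value must take (if a fully qualified class name is expected, say so and write the default in that form) so a reader can copy it into the interceptor configuration. In the same bullet, "custom CPS settings" should be "custom CSP settings", and "It's alternative approach of using" would read better as "This is an alternative to using". The bullet also does not say which one wins when an action implements `CspAware` and `cspSettingsClassName` is set as well; one sentence on precedence would avoid a policy being silently replaced. Please confirm that the `#Action_aware` anchor resolves, since the target heading is not visible in this hunk. The `prependServletContext` line is removed and re-added with no visible text change; if that is only a trailing-whitespace difference, consider dropping it from the commit.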