This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a commit to branch WW-5215-csp-session
in repository https://gitbox.apache.org/repos/asf/struts.git
commit 74d4e2371616f4e51fe9986f916271554080ddd1
Author: Lukasz Lenart
AuthorDate: Tue Aug 23 20:31:39 2022 +0200
WW-5215 Checks if session was already created before applying CSP settings
---
.../struts2/interceptor/csp/CspInterceptor.java| 5 +-
.../struts2/interceptor/csp/CspSettings.java | 9 +++
.../interceptor/csp/DefaultCspSettings.java| 83 +++-
.../struts2/interceptor/CspInterceptorTest.java| 91 --
4 files changed, 112 insertions(+), 76 deletions(-)
diff --git
a/core/src/main/java/org/apache/struts2/interceptor/csp/CspInterceptor.java
b/core/src/main/java/org/apache/struts2/interceptor/csp/CspInterceptor.java
index 250179636..ca77436cc 100644
--- a/core/src/main/java/org/apache/struts2/interceptor/csp/CspInterceptor.java
+++ b/core/src/main/java/org/apache/struts2/interceptor/csp/CspInterceptor.java
@@ -23,6 +23,7 @@ import
com.opensymphony.xwork2.interceptor.AbstractInterceptor;
import com.opensymphony.xwork2.interceptor.PreResultListener;
import java.net.URI;
import java.util.Optional;
+import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
@@ -36,6 +37,7 @@ import javax.servlet.http.HttpServletResponse;
* @see DefaultCspSettings
**/
public final class CspInterceptor extends AbstractInterceptor implements
PreResultListener {
+
private final CspSettings settings = new DefaultCspSettings();
@Override
@@ -45,8 +47,9 @@ public final class CspInterceptor extends AbstractInterceptor
implements PreResu
}
public void beforeResult(ActionInvocation invocation, String resultCode) {
+HttpServletRequest request =
invocation.getInvocationContext().getServletRequest();
HttpServletResponse response =
invocation.getInvocationContext().getServletResponse();
-settings.addCspHeaders(response);
+settings.addCspHeaders(request, response);
}
public void setReportUri(String reportUri) {
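Review bot: The rewritten `beforeResult` body gives no indication of what the request is now needed for, so a reader of the interceptor alone cannot tell why the two-argument overload replaced `addCspHeaders(response)`; a short Javadoc above the method, e.g. `/** Adds the CSP headers just before the result renders; the request is passed so the settings can check whether a session already exists (WW-5215). */`, would close that gap. It is also worth confirming that `invocation.getInvocationContext().getServletRequest()` cannot yield null on this path, since whether the settings implementation tolerates a null request cannot be verified from this hunk. The enclosing `CspInterceptor` class continues outside the hunk.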
diff --git
a/core/src/main/java/org/apache/struts2/interceptor/csp/CspSettings.java
b/core/src/main/java/org/apache/struts2/interceptor/csp/CspSettings.java
index 9699ab291..adf5b5072 100644
--- a/core/src/main/java/org/apache/struts2/interceptor/csp/CspSettings.java
+++ b/core/src/main/java/org/apache/struts2/interceptor/csp/CspSettings.java
@@ -18,6 +18,7 @@
*/
package org.apache.struts2.interceptor.csp;
+import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
@@ -42,9 +43,17 @@ public interface CspSettings {
String HTTPS = "https:";
String CSP_REPORT_TYPE = "application/csp-report";
+/**
+ * @deprecated use {@link #addCspHeaders(HttpServletRequest,
HttpServletResponse)} instead
+ */
+@Deprecated
void addCspHeaders(HttpServletResponse response);
+
+void addCspHeaders(HttpServletRequest request, HttpServletResponse
response);
+
// sets the uri where csp violation reports will be sent
void setReportUri(String uri);
+
// sets CSP headers in enforcing mode when true, and report-only when false
void setEnforcingMode(boolean value);
}
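Review bot: The new abstract `addCspHeaders(HttpServletRequest, HttpServletResponse)` added to the public `CspSettings` interface breaks compilation of any third-party implementation of the interface, as only `DefaultCspSettings` is updated in this commit. If the project's Java level permits it, a `default` method delegating to the deprecated overload keeps existing implementors compiling: `default void addCspHeaders(HttpServletRequest request, HttpServletResponse response) { addCspHeaders(response); }`, with the caveat that such implementors would then skip whatever request-based check the commit introduces. The new method also carries no Javadoc; a line such as `/** Adds the CSP headers to the response; the request is consulted before the settings are applied (WW-5215). */` would record why the request is now required. The interface body ends at the closing brace of this hunk.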
diff --git
a/core/src/main/java/org/apache/struts2/interceptor/csp/DefaultCspSettings.java
b/core/src/main/java/org/apache/struts2/interceptor/csp/DefaultCspSettings.java
index 5a99c0a5b..7ab70d226 100644
---
a/core/src/main/java/org/apache/struts2/interceptor/csp/DefaultCspSettings.java
+++
b/core/src/main/java/org/apache/struts2/interceptor/csp/DefaultCspSettings.java
@@ -18,13 +18,14 @@
*/
package org.apache.struts2.interceptor.csp;
-import com.opensymphony.xwork2.ActionContext;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.security.SecureRandom;
import java.util.Base64;
-import java.util.Map;
-import java.util.function.Supplier;
+import java.util.Objects;
import static java.lang.String.format;
@@ -37,50 +38,61 @@ import static java.lang.String.format;
*/
public class DefaultCspSettings implements CspSettings {
-private final SecureRandom sRand = new SecureRandom();
+private final static Logger LOG =
LogManager.getLogger(DefaultCspSettings.class);
-// this supplier computes a policy format
-private final Supplier lazyPolicyBuilder = new Supplier() {
-@Override
-public String get() {
-StringBuilder policyFormatBuilder = new StringBuilder()
-.append(OBJECT_SRC)
-.append(format(" '%s'; ", NONE))
-.append(SCRIPT_SRC)
-.append(" 'nonce-%s' ") // nonce placeholder
-.append(format("'%s' ", STRICT_DYNAMIC))
-.append(f