2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2022 Nordix Foundation. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package org.openecomp.sdc.common.filters;
23 import java.io.IOException;
24 import javax.servlet.Filter;
25 import javax.servlet.FilterChain;
26 import javax.servlet.FilterConfig;
27 import javax.servlet.ServletException;
28 import javax.servlet.ServletRequest;
29 import javax.servlet.ServletResponse;
30 import javax.servlet.http.HttpServletResponse;
31 import org.apache.commons.lang3.StringUtils;
33 public abstract class ContentSecurityPolicyHeaderFilterAbstract implements Filter {
36 public void init(final FilterConfig filterConfig) throws ServletException {
37 // nothing to override
41 public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException {
42 final HttpServletResponse httpServletResponse = (HttpServletResponse) response;
43 final String permittedAncestors = getPermittedAncestors();
44 httpServletResponse.setHeader("Content-Security-Policy",
45 "frame-ancestors 'self' " + (StringUtils.isNotBlank(permittedAncestors) ? permittedAncestors : ""));
46 chain.doFilter(request, httpServletResponse);
50 public void destroy() {
51 // nothing to override
54 protected abstract String getPermittedAncestors();