
hendrixjoseph/spring-content-security-policy


Content Security Policy for Spring

What is a Content Security Policy?

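A Content Security Policy (CSP) is an HTTP response header that tells the browser which sources of scripts, styles, images and other resources a page is allowed to load. It is a defence-in-depth control that limits the impact of cross-site scripting and similar content-injection flaws. Reference:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy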

How to use

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

import com.joehxblog.spring.csp.ContentSecurityPolicy;

/**
 * Spring configuration that installs the library's default Content Security Policy.
 *
 * <p>The no-argument {@code ContentSecurityPolicy} constructor is used, so the policy
 * applied is whatever the library ships as its default. NOTE(review): that default is
 * not visible in this snippet; inspect the {@code Content-Security-Policy} header your
 * application actually sends before relying on it.
 */
@Configuration
public class Config {
    /** Policy object created together with this configuration instance. */
    private final ContentSecurityPolicy policy = new ContentSecurityPolicy();

    /**
     * Registers the security filter chain produced by the library.
     *
     * @param http the {@code HttpSecurity} builder injected by Spring
     * @return the chain returned by {@code ContentSecurityPolicy.filterChain}
     * @throws Exception propagated from {@code filterChain}
     */
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        // NOTE(review): this returns whatever filterChain(http) builds. No authorization
        // or other HttpSecurity rules are configured in this snippet; confirm how the
        // library expects them to be combined with the policy.
        return this.policy.filterChain(http);
    }
}

Or pass your own policy string:

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

import com.joehxblog.spring.csp.ContentSecurityPolicy;

/**
 * Spring configuration that applies a hand-written Content Security Policy string.
 *
 * <p>{@code default-src 'self'} is the fallback for the CSP fetch directives and limits
 * them to the page's own origin. With no {@code 'unsafe-inline'}, nonce or hash source,
 * browsers also refuse inline scripts and styles. {@code default-src} is not a fallback
 * for {@code form-action}, {@code frame-ancestors} or {@code base-uri}; add those
 * directives explicitly if the application needs them restricted.
 */
@Configuration
public class Config {
    /**
     * Policy built from the literal directive string.
     * NOTE(review): presumably sent to the browser as written; confirm against the
     * response header.
     */
    private final ContentSecurityPolicy policy =
            new ContentSecurityPolicy("default-src 'self'");

    /**
     * Registers the security filter chain produced by the library.
     *
     * @param http the {@code HttpSecurity} builder injected by Spring
     * @return the chain returned by {@code ContentSecurityPolicy.filterChain}
     * @throws Exception propagated from {@code filterChain}
     */
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        return this.policy.filterChain(http);
    }
}

Or use the builder:

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

import com.joehxblog.spring.csp.ContentSecurityPolicy;
import com.joehxblog.spring.csp.directive.FetchDirective;
import com.joehxblog.spring.csp.value.KeywordValue;

/**
 * Spring configuration that assembles the Content Security Policy with the library's
 * builder instead of a raw string.
 *
 * <p>Directive and value are taken from the library's {@code FetchDirective} and
 * {@code KeywordValue} constants, so a misspelt directive name is caught at compile
 * time rather than ignored by the browser.
 * NOTE(review): {@code DEFAULT_SRC} with {@code SELF} presumably renders as
 * {@code default-src 'self'}; confirm against the emitted header.
 */
@Configuration
public class Config {
    /** Policy assembled once, when this configuration instance is created. */
    private final ContentSecurityPolicy policy =
            ContentSecurityPolicy
                    .build()
                    .add(FetchDirective.DEFAULT_SRC, KeywordValue.SELF)
                    .build();

    /**
     * Registers the security filter chain produced by the library.
     *
     * @param http the {@code HttpSecurity} builder injected by Spring
     * @return the chain returned by {@code ContentSecurityPolicy.filterChain}
     * @throws Exception propagated from {@code filterChain}
     */
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        // NOTE(review): only the CSP is set up here. Confirm how any other HttpSecurity
        // rules the application needs are meant to be combined with this chain.
        return this.policy.filterChain(http);
    }
}

Maven Dependency Tag

<!-- Place inside the <dependencies> element of pom.xml. The version is pinned to an
     exact release rather than a range, which keeps the resolved artifact stable
     between builds. -->
<dependency>
    <groupId>com.joehxblog</groupId>
    <artifactId>spring-content-security-policy</artifactId>
    <version>6.4.1</version>
</dependency>
