t

play.filters.csp

CSPReportActionBuilder

trait CSPReportActionBuilder extends ActionBuilder[Request, ScalaCSPReport]

CSPReportAction exposes CSP content violations according to the CSP reporting spec

Be warned that Firefox and Chrome handle CSP reports very differently, and Firefox omits fields which are in the specification. As such, many fields are optional to ensure browser compatibility.

To use this in a controller, add something like the following:

class CSPReportController @Inject()(cc: ControllerComponents, cspReportAction: CSPReportActionBuilder) extends AbstractController(cc) {

  private val logger = org.slf4j.LoggerFactory.getLogger(getClass)

  private def logReport(report: ScalaCSPReport): Unit = {
    logger.warn(s"violated-directive: ${report.violatedDirective}, blocked = ${report.blockedUri}, policy = ${report.originalPolicy}")
  }

  val report: Action[ScalaCSPReport] = cspReportAction { request =>
    logReport(request.body)
    Ok("{}").as(JSON)
  }
}
Source
CSPReportActionBuilder.scala
Linear Supertypes
Ordering
  1. Alphabetic
  2. By Inheritance
Inherited
  1. CSPReportActionBuilder
  2. ActionBuilder
  3. ActionFunction
  4. AnyRef
  5. Any
  1. Hide All
  2. Show All
Visibility
  1. Public
  2. All

Abstract Value Members

  1. abstract def executionContext: ExecutionContext

    Get the execution context to run the request in.

    Get the execution context to run the request in.

    returns

    The execution context

    Attributes
    protected
    Definition Classes
    ActionFunction
  2. abstract def invokeBlock[A](request: Request[A], block: (Request[A]) ⇒ Future[Result]): Future[Result]

    Invoke the block.

    Invoke the block. This is the main method that an ActionBuilder has to implement, at this stage it can wrap it in any other actions, modify the request object or potentially use a different class to represent the request.

    request

    The request

    block

    The block of code to invoke

    returns

    A future of the result

    Definition Classes
    ActionFunction
  3. abstract def parser: BodyParser[ScalaCSPReport]

    returns

    The BodyParser to be used by this ActionBuilder if no other is specified

    Definition Classes
    ActionBuilder

Concrete Value Members

  1. final def !=(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  2. final def ##(): Int
    Definition Classes
    AnyRef → Any
  3. final def ==(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  4. def andThen[Q[_]](other: ActionFunction[Request, Q]): ActionBuilder[Q, ScalaCSPReport]

    Compose this ActionFunction with another, with this one applied first.

    Compose this ActionFunction with another, with this one applied first.

    other

    ActionFunction with which to compose

    returns

    The new ActionFunction

    Definition Classes
    ActionBuilderActionFunction
  5. final def apply(block: ⇒ Result): Action[AnyContent]

    Constructs an Action with default content, and no request parameter.

    Constructs an Action with default content, and no request parameter.

    For example:

    val hello = Action {
      Ok("Hello!")
    }
    block

    the action code

    returns

    an action

    Definition Classes
    ActionBuilder
  6. final def apply(block: (Request[ScalaCSPReport]) ⇒ Result): Action[ScalaCSPReport]

    Constructs an Action with default content.

    Constructs an Action with default content.

    For example:

    val echo = Action { request =>
      Ok("Got request [" + request + "]")
    }
    block

    the action code

    returns

    an action

    Definition Classes
    ActionBuilder
  7. final def apply[A](bodyParser: BodyParser[A]): ActionBuilder[Request, A]

    Constructs an ActionBuilder with the given BodyParser.

    Constructs an ActionBuilder with the given BodyParser. The result can then be applied directly to a block.

    For example:

    val echo = Action(parse.anyContent) { request =>
      Ok("Got request [" + request + "]")
    }
    A

    the type of the request body

    bodyParser

    the BodyParser to use to parse the request body

    returns

    an action

    Definition Classes
    ActionBuilder
  8. final def asInstanceOf[T0]: T0
    Definition Classes
    Any
  9. final def async[A](bodyParser: BodyParser[A])(block: (Request[A]) ⇒ Future[Result]): Action[A]

    Constructs an Action with the given BodyParser that returns a future of a result.

    Constructs an Action with the given BodyParser that returns a future of a result.

    For example:

    val hello = Action.async(parse.anyContent) { request =>
      ws.url(request.getQueryString("url").get).get().map { r =>
        if (r.status == 200) Ok("The website is up") else NotFound("The website is down")
      }
    }
    block

    the action code

    returns

    an action

    Definition Classes
    ActionBuilder
  10. final def async(block: (Request[ScalaCSPReport]) ⇒ Future[Result]): Action[ScalaCSPReport]

    Constructs an Action that returns a future of a result, with default content.

    Constructs an Action that returns a future of a result, with default content.

    For example:

    val hello = Action.async { request =>
      ws.url(request.getQueryString("url").get).get().map { r =>
        if (r.status == 200) Ok("The website is up") else NotFound("The website is down")
      }
    }
    block

    the action code

    returns

    an action

    Definition Classes
    ActionBuilder
  11. final def async(block: ⇒ Future[Result]): Action[AnyContent]

    Constructs an Action that returns a future of a result, with default content, and no request parameter.

    Constructs an Action that returns a future of a result, with default content, and no request parameter.

    For example:

    val hello = Action.async {
      ws.url("http://www.playframework.com").get().map { r =>
        if (r.status == 200) Ok("The website is up") else NotFound("The website is down")
      }
    }
    block

    the action code

    returns

    an action

    Definition Classes
    ActionBuilder
  12. def clone(): AnyRef
    Attributes
    protected[java.lang]
    Definition Classes
    AnyRef
    Annotations
    @native() @throws( ... )
  13. def compose[B](other: ActionBuilder[Request, B]): ActionBuilder[Request, B]
    Definition Classes
    ActionFunction
  14. def compose[Q[_]](other: ActionFunction[Q, Request]): ActionFunction[Q, Request]

    Compose another ActionFunction with this one, with this one applied last.

    Compose another ActionFunction with this one, with this one applied last.

    other

    ActionFunction with which to compose

    returns

    The new ActionFunction

    Definition Classes
    ActionFunction
  15. def composeAction[A](action: Action[A]): Action[A]

    Compose the action with other actions.

    Compose the action with other actions. This allows mixing in of various actions together.

    action

    The action to compose

    returns

    The composed action

    Attributes
    protected
    Definition Classes
    ActionBuilder
  16. def composeParser[A](bodyParser: BodyParser[A]): BodyParser[A]

    Compose the parser.

    Compose the parser. This allows the action builder to potentially intercept requests before they are parsed.

    bodyParser

    The body parser to compose

    returns

    The composed body parser

    Attributes
    protected
    Definition Classes
    ActionBuilder
  17. final def eq(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  18. def equals(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  19. def finalize(): Unit
    Attributes
    protected[java.lang]
    Definition Classes
    AnyRef
    Annotations
    @throws( classOf[java.lang.Throwable] )
  20. final def getClass(): Class[_]
    Definition Classes
    AnyRef → Any
    Annotations
    @native()
  21. def hashCode(): Int
    Definition Classes
    AnyRef → Any
    Annotations
    @native()
  22. final def isInstanceOf[T0]: Boolean
    Definition Classes
    Any
  23. final def ne(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  24. final def notify(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native()
  25. final def notifyAll(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native()
  26. final def synchronized[T0](arg0: ⇒ T0): T0
    Definition Classes
    AnyRef
  27. def toString(): String
    Definition Classes
    AnyRef → Any
  28. final def wait(): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
  29. final def wait(arg0: Long, arg1: Int): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
  30. final def wait(arg0: Long): Unit
    Definition Classes
    AnyRef
    Annotations
    @native() @throws( ... )

Inherited from ActionFunction[Request, Request]

Inherited from AnyRef

Inherited from Any

Ungrouped