Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Content Security Policy - Java Servlet Filter #332

Open
meg23 opened this issue Nov 13, 2014 · 8 comments
Open

Content Security Policy - Java Servlet Filter #332

meg23 opened this issue Nov 13, 2014 · 8 comments

Comments

@meg23
Copy link

meg23 commented Nov 13, 2014

From ronald.p...@googlemail.com on May 14, 2014 12:42:51

Hi,

I wrote a Java Servlet Filter for Content Security Policy 1.0 ( http://www.w3.org/TR/CSP/ ) which can be found on github: https://github.com/ronaldploeger/ContentSecurityPolicyFilter I would like to offer this for inclusion into ESAPI.

Best regards,
Ronald

Original issue: http://code.google.com/p/owasp-esapi-java/issues/detail?id=328

@kwwall
Copy link
Contributor

kwwall commented Jan 17, 2016

My preference is to put this and things like it under a separate 'contrib' area. Any suggestions where we should put something like that? For comparison, see https://code.google.com/p/owasp-esapi-java/source/browse/contrib. I would also like to migrate those pieces to GitHub as well but need some advice from you git / GitHub gurus.

@kwwall
Copy link
Contributor

kwwall commented Jan 17, 2016

Note that one major reason that I don't want to pull this in with the main ESAPI/esapi-java-legacy stuff is because it adds more dependencies (e.g., Hamcrest) that are not used elsewhere and ESAPI already has way too many dependencies. So IMO, that's why we need a separate 'contrib' project.

@xeno6696
Copy link
Collaborator

My 2c: Hamcrest has also been a dependency on almost every application I've worked on since 2013. I don't necessarily think that's a deal-breaker.

@xeno6696
Copy link
Collaborator

And Filters are opt-in by default. I don't have a problem with bringing in filters within the main project.

@kwwall
Copy link
Contributor

kwwall commented Jul 25, 2017 via email

@kwwall
Copy link
Contributor

kwwall commented Jul 25, 2017 via email

@kwwall
Copy link
Contributor

kwwall commented Aug 15, 2018

This also uses SLF4J for logging, so until ESAPI gets support for SLF4J (see issue #129), I think this will have to wait. I still think 'contrib' is the better spot for this though, especially since this project doesn't seem to be active (last commit in Nov 2014).

@kwwall
Copy link
Contributor

kwwall commented Aug 11, 2019

I'm unassigning this from myself, since it doesn't make sense for me to take things marked "good first issue". Besides I already have enough other issues to work on and keep me busy.

@kwwall kwwall removed their assignment Aug 11, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants