- private static String httpsCSP = null;
-
- private static String httpCSP = null;
-
- private static String getHttpsCSP() {
- if (httpsCSP == null) {
- StringBuffer csp = new StringBuffer();
- csp.append("default-src 'none'");
- csp.append(";font-src https://" + ServerConstants.getStaticHostNamePortSecure());
- csp.append(";img-src https://" + ServerConstants.getStaticHostNamePortSecure());
- csp.append(";media-src 'none'; object-src 'none'");
- csp.append(";script-src https://" + ServerConstants.getStaticHostNamePortSecure());
- csp.append(";style-src https://" + ServerConstants.getStaticHostNamePortSecure());
- csp.append(";form-action https://" + ServerConstants.getSecureHostNamePort() + " https://" + ServerConstants.getWwwHostNamePortSecure());
- csp.append(";report-url https://api.cacert.org/security/csp/report");
- httpsCSP = csp.toString();
- }
- return httpsCSP;
- }
-
- private static String getHttpCSP() {
- if (httpCSP == null) {
- StringBuffer csp = new StringBuffer();
- csp.append("default-src 'none'");
- csp.append(";font-src http://" + ServerConstants.getStaticHostNamePort());
- csp.append(";img-src http://" + ServerConstants.getStaticHostNamePort());
- csp.append(";media-src 'none'; object-src 'none'");
- csp.append(";script-src http://" + ServerConstants.getStaticHostNamePort());
- csp.append(";style-src http://" + ServerConstants.getStaticHostNamePort());
- csp.append(";form-action https://" + ServerConstants.getSecureHostNamePort() + " https://" + ServerConstants.getWwwHostNamePort());
- csp.append(";report-url http://api.cacert.org/security/csp/report");
- httpCSP = csp.toString();
- }
- return httpCSP;
+ private static String httpsCSP = genHttpsCSP();
+
+ private static String httpCSP = genHttpCSP();
+
+ private static String genHttpsCSP() {
+ StringBuffer csp = new StringBuffer();
+ csp.append("default-src 'none'");
+ csp.append(";font-src https://" + ServerConstants.getStaticHostNamePortSecure());
+ csp.append(";img-src https://" + ServerConstants.getStaticHostNamePortSecure());
+ csp.append(";media-src 'none'; object-src 'none'");
+ csp.append(";script-src https://" + ServerConstants.getStaticHostNamePortSecure());
+ csp.append(";style-src https://" + ServerConstants.getStaticHostNamePortSecure());
+ csp.append(";form-action https://" + ServerConstants.getSecureHostNamePort() + " https://" + ServerConstants.getWwwHostNamePortSecure());
+ // csp.append(";report-url https://api.cacert.org/security/csp/report");
+ return csp.toString();