Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

play-java-streaming-example: Add csp nonce #483

Merged
merged 1 commit into from
Dec 19, 2023
Merged

play-java-streaming-example: Add csp nonce #483

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 27 additions & 0 deletions play-java-streaming-example/app/controllers/HomeController.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
package controllers;

import javax.inject.Inject;

import play.routing.*;

import play.mvc.Controller;
import play.mvc.Http;
import play.mvc.Result;

public class HomeController extends Controller {

public Result index(final Http.Request request) {
return ok(views.html.index.render(request));
}

public Result javascriptRoutes(final Http.Request request) {
return ok(
JavaScriptReverseRouter.create(
"jsRoutes",
"jQuery.ajax",
request.host(),
routes.javascript.JavaEventSourceController.streamClock()
)
).as("text/javascript");
}
}
21 changes: 0 additions & 21 deletions play-java-streaming-example/app/controllers/HomeController.scala
View file
Open in desktop

This file was deleted.

13 changes: 7 additions & 6 deletions play-java-streaming-example/app/controllers/JavaCometController.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,22 +4,23 @@
import play.mvc.Controller;
import play.mvc.Http;
import play.mvc.Result;
import views.html.helper.CSPNonce;

import javax.inject.Singleton;

@Singleton
public class JavaCometController extends Controller implements JavaTicker {

public Result index() {
return ok(views.html.javacomet.render());
public Result index(final Http.Request request) {
return ok(views.html.javacomet.render(request));
}

public Result streamClock() {
return ok().chunked(getStringSource().via(Comet.string("parent.clockChanged"))).as(Http.MimeTypes.HTML);
public Result streamClock(final Http.Request request) {
return ok().chunked(getStringSource().via(Comet.string("parent.clockChanged", CSPNonce.apply(request.asScala())))).as(Http.MimeTypes.HTML);
}

public Result jsonClock() {
return ok().chunked(getJsonSource().via(Comet.json("parent.clockChanged"))).as(Http.MimeTypes.HTML);
public Result jsonClock(final Http.Request request) {
return ok().chunked(getJsonSource().via(Comet.json("parent.clockChanged", CSPNonce.apply(request.asScala())))).as(Http.MimeTypes.HTML);
}

}
4 changes: 2 additions & 2 deletions play-java-streaming-example/app/controllers/JavaEventSourceController.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,8 @@
@Singleton
public class JavaEventSourceController extends Controller implements JavaTicker {

public Result index() {
return ok(views.html.javaeventsource.render());
public Result index(final Http.Request request) {
return ok(views.html.javaeventsource.render(request));
}

public Result streamClock() {
Expand Down
2 changes: 1 addition & 1 deletion play-java-streaming-example/app/views/index.scala.html
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
@()
@()(implicit request: JRequestHeader)

@main {

Expand Down
6 changes: 3 additions & 3 deletions play-java-streaming-example/app/views/javacomet.scala.html
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
@()
@()(implicit request: JRequestHeader)

@main {

Expand All @@ -10,8 +10,8 @@ <h1 id="clock"></h1>
Clock events are pushed from the Server using a Comet connection.
</p>

<script src="@routes.Assets.at("javascripts/comet.js")"></script>
<script @{CSPNonce.attr} src="@routes.Assets.at("javascripts/comet.js")"></script>

<iframe id="comet" src="@routes.JavaCometController.streamClock().unique()"></iframe>
<iframe id="comet" hidden src="@routes.JavaCometController.streamClock().unique()"></iframe>

}
4 changes: 2 additions & 2 deletions play-java-streaming-example/app/views/javaeventsource.scala.html
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
@()
@()(implicit request: JRequestHeader)

@main {
<h1>Server Sent Event clock</h1>
Expand All @@ -9,5 +9,5 @@ <h1 id="clock"></h1>
Clock events are pushed from the Server using a Server Sent Event connection.
</p>

<script src="@routes.Assets.at("javascripts/eventsource.js")"></script>
<script @{CSPNonce.attr} src="@routes.Assets.at("javascripts/eventsource.js")"></script>
}
6 changes: 3 additions & 3 deletions play-java-streaming-example/app/views/main.scala.html
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
@(content: Html)
@(content: Html)(implicit request: play.api.mvc.RequestHeader)

<!DOCTYPE html>

Expand All @@ -7,8 +7,8 @@
<title>EventSource clock</title>
<link rel="stylesheet" media="screen" href="@routes.Assets.at("stylesheets/main.css")">
<link rel="shortcut icon" type="image/png" href="@routes.Assets.at("images/favicon.png")">
<script src="@routes.Assets.at("javascripts/jquery-3.2.0.slim.js")" type="text/javascript"></script>
<script type="text/javascript" src="@routes.HomeController.javascriptRoutes"></script>
<script @{CSPNonce.attr} src="@routes.Assets.at("javascripts/jquery-3.2.0.slim.js")" type="text/javascript"></script>
<script @{CSPNonce.attr} type="text/javascript" src="@routes.HomeController.javascriptRoutes()"></script>
</head>
<body>
@content
Expand Down
5 changes: 5 additions & 0 deletions play-java-streaming-example/build.sbt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,3 +16,8 @@ javacOptions ++= Seq(
"-Xlint:deprecation",
"-Werror"
)

TwirlKeys.templateImports ++= Seq(
"play.mvc.Http.{ RequestHeader => JRequestHeader }",
"views.html.helper.CSPNonce"
)
10 changes: 5 additions & 5 deletions play-java-streaming-example/conf/routes
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,15 +4,15 @@

# Home page

GET / controllers.HomeController.index()
GET / controllers.HomeController.index(request: Request)

GET /java/comet controllers.JavaCometController.index()
GET /java/comet/liveClock controllers.JavaCometController.streamClock()
GET /java/comet controllers.JavaCometController.index(request: Request)
GET /java/comet/liveClock controllers.JavaCometController.streamClock(request: Request)

GET /java/eventSource controllers.JavaEventSourceController.index()
GET /java/eventSource controllers.JavaEventSourceController.index(request: Request)
GET /java/eventSource/liveClock controllers.JavaEventSourceController.streamClock()

GET /javascriptRoutes controllers.HomeController.javascriptRoutes
GET /javascriptRoutes controllers.HomeController.javascriptRoutes(request: Request)

# Map static resources from the /public folder to the /assets URL path
GET /assets/*file controllers.Assets.at(path="/public", file)
2 changes: 1 addition & 1 deletion play-java-streaming-example/public/javascripts/eventsource.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,5 +4,5 @@ if (!!window.EventSource) {
$('#clock').html(e.data.replace(/(\d)/g, '<span>$1</span>'))
});
} else {
$("#clock").html("Sorry. This browser doesn't seem to support Server sent event. Check <a href='http://html5test.com/compare/feature/communication-eventSource.html'>html5test</a> for browser compatibility.");
$("#clock").html("Sorry. This browser doesn't seem to support Server sent event. Check <a href='https://html5test.com/compare/feature/communication.eventSource.html'>html5test</a> for browser compatibility.");
}
Loading