package act.security;

/*-

* #%L

* ACT Framework

* %%

* Copyright (C) 2014 - 2018 ActFramework

* %%

* Licensed under the Apache License, Version 2.0 (the "License");

* you may not use this file except in compliance with the License.

* You may obtain a copy of the License at

*

* http://www.apache.org/licenses/LICENSE-2.0

*

* Unless required by applicable law or agreed to in writing, software

* distributed under the License is distributed on an "AS IS" BASIS,

* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

* See the License for the specific language governing permissions and

* limitations under the License.

* #L%

*/

import java.lang.annotation.*;

@Documented

@Retention(RetentionPolicy.RUNTIME)

@Target({ElementType.METHOD, ElementType.TYPE})

public @interface CSP {

String value();

/**

* Mark a controller class or action handler method that

* shall not output `Content-Security-Policy` header.

* This can be used to construct the blacklist of CSP enabled

* resources when the global

* {@link act.conf.AppConfigKey#CONTENT_SECURITY_POLICY} is enabled

*/

@Documented

@Retention(RetentionPolicy.RUNTIME)

@Target({ElementType.METHOD, ElementType.TYPE})

@interface Disable {

}

}