play-java-streaming-example: Add csp nonce
mkurz committed Dec 19, 2023

mkurz Matthias Kurz
1 parent 3dc6c39 commit 368ac27
Showing 11 changed files with 56 additions and 44 deletions.
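--- a/play-java-streaming-example/app/controllers/HomeController.java
+++ b/play-java-streaming-example/app/controllers/HomeController.java
@@ -0,0 +1,27 @@
+package controllers;
+
+import javax.inject.Inject;
+
+import play.routing.*;
+
+import play.mvc.Controller;
+import play.mvc.Http;
+import play.mvc.Result;
+
+public class HomeController extends Controller {
+
+public Result index(final Http.Request request) {
+return ok(views.html.index.render(request));
+}
+
+public Result javascriptRoutes(final Http.Request request) {
+return ok(
+JavaScriptReverseRouter.create(
+"jsRoutes",
+"jQuery.ajax",
+request.host(),
+routes.javascript.JavaEventSourceController.streamClock()
+)
+).as("text/javascript");
+}
+}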
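Review bot: `request.host()` in `javascriptRoutes` passes the client-supplied Host header straight into the generated router, so the absolute URLs that `jsRoutes` exposes to the page are only as trustworthy as that header. Nothing in this file constrains it; the example presumably relies on Play's allowed-hosts filter, whose configuration is not visible here. I would add a comment above the call such as `// host comes from the Host header; relies on play.filters.hosts.allowed to reject unexpected values`, and confirm that setting is restricted in any deployment that copies this sample. The `import javax.inject.Inject;` line also appears unused in the visible class and could be dropped.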
21 changes: 0 additions & 21 deletions play-java-streaming-example/app/controllers/HomeController.scala

This file was deleted.

@@ -4,22 +4,23 @@
import play.mvc.Controller;
import play.mvc.Http;
import play.mvc.Result;
import views.html.helper.CSPNonce;

import javax.inject.Singleton;

@Singleton
public class JavaCometController extends Controller implements JavaTicker {

public Result index() {
return ok(views.html.javacomet.render());
public Result index(final Http.Request request) {
return ok(views.html.javacomet.render(request));
}

public Result streamClock() {
return ok().chunked(getStringSource().via(Comet.string("parent.clockChanged"))).as(Http.MimeTypes.HTML);
public Result streamClock(final Http.Request request) {
return ok().chunked(getStringSource().via(Comet.string("parent.clockChanged", CSPNonce.apply(request.asScala())))).as(Http.MimeTypes.HTML);
}

public Result jsonClock() {
return ok().chunked(getJsonSource().via(Comet.json("parent.clockChanged"))).as(Http.MimeTypes.HTML);
public Result jsonClock(final Http.Request request) {
return ok().chunked(getJsonSource().via(Comet.json("parent.clockChanged", CSPNonce.apply(request.asScala())))).as(Http.MimeTypes.HTML);
}

}
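Review bot: `streamClock` and `jsonClock` now call `CSPNonce.apply(request.asScala())`, which as far as I recall raises an error when no nonce is attached to the request rather than returning an empty value, whereas the templates in this commit use `CSPNonce.attr`, which tolerates a missing nonce. That makes both streaming endpoints depend on the CSP filter being enabled for these routes, and the filter configuration is not visible in this section. Worth confirming it is on, and adding a comment on both methods such as `// requires play.filters.csp.CSPFilter; the nonce must match the Content-Security-Policy header sent with this response`. The two long return statements would also read more easily with the nonce pulled into a local variable before the `ok().chunked(...)` call.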
@@ -11,8 +11,8 @@
@Singleton
public class JavaEventSourceController extends Controller implements JavaTicker {

public Result index() {
return ok(views.html.javaeventsource.render());
public Result index(final Http.Request request) {
return ok(views.html.javaeventsource.render(request));
}

public Result streamClock() {
2 changes: 1 addition & 1 deletion play-java-streaming-example/app/views/index.scala.html
@@ -1,4 +1,4 @@
@()
@()(implicit request: JRequestHeader)

@main {

6 changes: 3 additions & 3 deletions play-java-streaming-example/app/views/javacomet.scala.html
@@ -1,4 +1,4 @@
@()
@()(implicit request: JRequestHeader)

@main {

@@ -10,8 +10,8 @@ <h1 id="clock"></h1>
Clock events are pushed from the Server using a Comet connection.
</p>

<script src="@routes.Assets.at("javascripts/comet.js")"></script>
<script @{CSPNonce.attr} src="@routes.Assets.at("javascripts/comet.js")"></script>

<iframe id="comet" src="@routes.JavaCometController.streamClock().unique()"></iframe>
<iframe id="comet" hidden src="@routes.JavaCometController.streamClock().unique()"></iframe>

}
@@ -1,4 +1,4 @@
@()
@()(implicit request: JRequestHeader)

@main {
<h1>Server Sent Event clock</h1>
@@ -9,5 +9,5 @@ <h1 id="clock"></h1>
Clock events are pushed from the Server using a Server Sent Event connection.
</p>

<script src="@routes.Assets.at("javascripts/eventsource.js")"></script>
<script @{CSPNonce.attr} src="@routes.Assets.at("javascripts/eventsource.js")"></script>
}
6 changes: 3 additions & 3 deletions play-java-streaming-example/app/views/main.scala.html
@@ -1,4 +1,4 @@
@(content: Html)
@(content: Html)(implicit request: play.api.mvc.RequestHeader)

<!DOCTYPE html>

@@ -7,8 +7,8 @@
<title>EventSource clock</title>
<link rel="stylesheet" media="screen" href="@routes.Assets.at("stylesheets/main.css")">
<link rel="shortcut icon" type="image/png" href="@routes.Assets.at("images/favicon.png")">
<script src="@routes.Assets.at("javascripts/jquery-3.2.0.slim.js")" type="text/javascript"></script>
<script type="text/javascript" src="@routes.HomeController.javascriptRoutes"></script>
<script @{CSPNonce.attr} src="@routes.Assets.at("javascripts/jquery-3.2.0.slim.js")" type="text/javascript"></script>
<script @{CSPNonce.attr} type="text/javascript" src="@routes.HomeController.javascriptRoutes()"></script>
</head>
<body>
@content
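Review bot: The nonce is now attached to a `<script>` that loads `jquery-3.2.0.slim.js`, while the new `HomeController.javascriptRoutes` names `jQuery.ajax` as the router's ajax function; the slim jQuery build omits the ajax module, so any `jsRoutes...ajax()` call would fail at runtime (code that only reads `.url` from the routes is unaffected). jQuery 3.2.0 is also an old release, and `eventsource.js` in this commit feeds event data into `.html()`, so upgrading the bundled copy is worth doing in the same pass. A nonce only tells the browser the tag was emitted by the server; it does not vouch for the contents of the file being loaded. The template continues past the end of this hunk.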
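--- a/play-java-streaming-example/build.sbt
+++ b/play-java-streaming-example/build.sbt
@@ -16,3 +16,8 @@ javacOptions ++= Seq(
 "-Xlint:deprecation",
 "-Werror"
 )
+
+TwirlKeys.templateImports ++= Seq(
+"play.mvc.Http.{ RequestHeader => JRequestHeader }",
+"views.html.helper.CSPNonce"
+)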
10 changes: 5 additions & 5 deletions play-java-streaming-example/conf/routes
@@ -4,15 +4,15 @@

# Home page

GET / controllers.HomeController.index()
GET / controllers.HomeController.index(request: Request)

GET /java/comet controllers.JavaCometController.index()
GET /java/comet/liveClock controllers.JavaCometController.streamClock()
GET /java/comet controllers.JavaCometController.index(request: Request)
GET /java/comet/liveClock controllers.JavaCometController.streamClock(request: Request)

GET /java/eventSource controllers.JavaEventSourceController.index()
GET /java/eventSource controllers.JavaEventSourceController.index(request: Request)
GET /java/eventSource/liveClock controllers.JavaEventSourceController.streamClock()

GET /javascriptRoutes controllers.HomeController.javascriptRoutes
GET /javascriptRoutes controllers.HomeController.javascriptRoutes(request: Request)

# Map static resources from the /public folder to the /assets URL path
GET /assets/*file controllers.Assets.at(path="/public", file)
@@ -4,5 +4,5 @@ if (!!window.EventSource) {
$('#clock').html(e.data.replace(/(\d)/g, '<span>$1</span>'))
});
} else {
$("#clock").html("Sorry. This browser doesn't seem to support Server sent event. Check <a href='http://html5test.com/compare/feature/communication-eventSource.html'>html5test</a> for browser compatibility.");
$("#clock").html("Sorry. This browser doesn't seem to support Server sent event. Check <a href='https://html5test.com/compare/feature/communication.eventSource.html'>html5test</a> for browser compatibility.");
}
