diff --git a/play-java-streaming-example/app/controllers/HomeController.java b/play-java-streaming-example/app/controllers/HomeController.java
new file mode 100644
index 000000000..427c8d9b2
--- /dev/null
+++ b/play-java-streaming-example/app/controllers/HomeController.java
@@ -0,0 +1,27 @@
+package controllers;
+
+import javax.inject.Inject;
+
+import play.routing.*;
+
+import play.mvc.Controller;
+import play.mvc.Http;
+import play.mvc.Result;
+
+public class HomeController extends Controller {
+
+ public Result index(final Http.Request request) {
+ return ok(views.html.index.render(request));
+ }
+
+ public Result javascriptRoutes(final Http.Request request) {
+ return ok(
+ JavaScriptReverseRouter.create(
+ "jsRoutes",
+ "jQuery.ajax",
+ request.host(),
+ routes.javascript.JavaEventSourceController.streamClock()
+ )
+ ).as("text/javascript");
+ }
+}
diff --git a/play-java-streaming-example/app/controllers/HomeController.scala b/play-java-streaming-example/app/controllers/HomeController.scala
deleted file mode 100644
index 681186a51..000000000
--- a/play-java-streaming-example/app/controllers/HomeController.scala
+++ /dev/null
@@ -1,21 +0,0 @@
-package controllers
-
-import javax.inject.Inject
-
-import play.api.mvc._
-import play.api.routing._
-
-class HomeController @Inject()(cc: ControllerComponents) extends AbstractController(cc) {
-
- def index() = Action {
- Ok(views.html.index())
- }
-
- def javascriptRoutes: Action[AnyContent] = Action { implicit request =>
- Ok(
- JavaScriptReverseRouter("jsRoutes")(
- routes.javascript.JavaEventSourceController.streamClock
- )
- ).as("text/javascript")
- }
-}
diff --git a/play-java-streaming-example/app/controllers/JavaCometController.java b/play-java-streaming-example/app/controllers/JavaCometController.java
index 9071302cd..5374e4f89 100644
--- a/play-java-streaming-example/app/controllers/JavaCometController.java
+++ b/play-java-streaming-example/app/controllers/JavaCometController.java
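Review bot: In HomeController.java's `javascriptRoutes`, the third argument `request.host()` is taken from the client-supplied Host header and ends up in the generated `jsRoutes` script as the host used for absolute URLs. Unless Play's AllowedHostsFilter is active with a tight `play.filters.hosts.allowed` list (no filter configuration is visible in this diff), a forged Host value is reflected into the script that is served, which matters most if this route is ever cached by an intermediary. I would add a comment above the call such as `// host comes from the Host header; relies on AllowedHostsFilter (play.filters.hosts.allowed) to reject unknown hosts`, or pass a configured host instead. The `javax.inject.Inject` import in the same file is unused and can be dropped.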
@@ -4,22 +4,23 @@ import play.mvc.Controller; import play.mvc.Http; import play.mvc.Result; +import views.html.helper.CSPNonce; import javax.inject.Singleton; @Singleton public class JavaCometController extends Controller implements JavaTicker { - public Result index() { - return ok(views.html.javacomet.render()); + public Result index(final Http.Request request) { + return ok(views.html.javacomet.render(request)); } - public Result streamClock() { - return ok().chunked(getStringSource().via(Comet.string("parent.clockChanged"))).as(Http.MimeTypes.HTML); + public Result streamClock(final Http.Request request) { + return ok().chunked(getStringSource().via(Comet.string("parent.clockChanged", CSPNonce.apply(request.asScala())))).as(Http.MimeTypes.HTML); } - public Result jsonClock() { - return ok().chunked(getJsonSource().via(Comet.json("parent.clockChanged"))).as(Http.MimeTypes.HTML); + public Result jsonClock(final Http.Request request) { + return ok().chunked(getJsonSource().via(Comet.json("parent.clockChanged", CSPNonce.apply(request.asScala())))).as(Http.MimeTypes.HTML); } } diff --git a/play-java-streaming-example/app/controllers/JavaEventSourceController.java b/play-java-streaming-example/app/controllers/JavaEventSourceController.java index 90da79882..b8d478fae 100644 --- a/play-java-streaming-example/app/controllers/JavaEventSourceController.java +++ b/play-java-streaming-example/app/controllers/JavaEventSourceController.java @@ -11,8 +11,8 @@ @Singleton public class JavaEventSourceController extends Controller implements JavaTicker { - public Result index() { - return ok(views.html.javaeventsource.render()); + public Result index(final Http.Request request) { + return ok(views.html.javaeventsource.render(request)); } public Result streamClock() { diff --git a/play-java-streaming-example/app/views/index.scala.html b/play-java-streaming-example/app/views/index.scala.html index 0257fe2df..5f955a143 100644 
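Review bot: In JavaCometController, `streamClock` and `jsonClock` now call `CSPNonce.apply(request.asScala())` on every request, and as far as I recall that helper raises an error when the request carries no nonce, i.e. when the CSP filter is not enabled with nonce generation. The diff does not touch any filter configuration, so it is worth confirming that `play.filters.csp.CSPFilter` is enabled for this sample; otherwise both endpoints would fail at runtime while the templates, which use `CSPNonce.attr`, would likely just render without a nonce. A short comment on the two methods stating that dependency would help, e.g. `// requires CSPFilter with nonce generation enabled; CSPNonce.apply fails when no nonce is present`. Pulling the nonce into a local, `final String nonce = CSPNonce.apply(request.asScala());`, would also shorten the two long return lines.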
--- a/play-java-streaming-example/app/views/index.scala.html +++ b/play-java-streaming-example/app/views/index.scala.html @@ -1,4 +1,4 @@ -@() +@()(implicit request: JRequestHeader) @main { diff --git a/play-java-streaming-example/app/views/javacomet.scala.html b/play-java-streaming-example/app/views/javacomet.scala.html index 9c4ac7d9d..a083f047e 100644 --- a/play-java-streaming-example/app/views/javacomet.scala.html +++ b/play-java-streaming-example/app/views/javacomet.scala.html @@ -1,4 +1,4 @@ -@() +@()(implicit request: JRequestHeader) @main { @@ -10,8 +10,8 @@ <h1 id="clock"></h1> Clock events are pushed from the Server using a Comet connection. </p> - <script src="@routes.Assets.at("javascripts/comet.js")"></script> + <script @{CSPNonce.attr} src="@routes.Assets.at("javascripts/comet.js")"></script> - <iframe id="comet" src="@routes.JavaCometController.streamClock().unique()"></iframe> + <iframe id="comet" hidden src="@routes.JavaCometController.streamClock().unique()"></iframe> } diff --git a/play-java-streaming-example/app/views/javaeventsource.scala.html b/play-java-streaming-example/app/views/javaeventsource.scala.html index bc2f19a4c..4ce6732d5 100644 --- a/play-java-streaming-example/app/views/javaeventsource.scala.html +++ b/play-java-streaming-example/app/views/javaeventsource.scala.html @@ -1,4 +1,4 @@ -@() +@()(implicit request: JRequestHeader) @main { <h1>Server Sent Event clock</h1> @@ -9,5 +9,5 @@ <h1 id="clock"></h1> Clock events are pushed from the Server using a Server Sent Event connection. </p> - <script src="@routes.Assets.at("javascripts/eventsource.js")"></script> + <script @{CSPNonce.attr} src="@routes.Assets.at("javascripts/eventsource.js")"></script> } diff --git a/play-java-streaming-example/app/views/main.scala.html b/play-java-streaming-example/app/views/main.scala.html index c258c84d3..8f9cf62c7 100644 --- a/play-java-streaming-example/app/views/main.scala.html +++ b/play-java-streaming-example/app/views/main.scala.html 
@@ -1,4 +1,4 @@ -@(content: Html) +@(content: Html)(implicit request: play.api.mvc.RequestHeader) <!DOCTYPE html> @@ -7,8 +7,8 @@ <title>EventSource clock</title> <link rel="stylesheet" media="screen" href="@routes.Assets.at("stylesheets/main.css")"> <link rel="shortcut icon" type="image/png" href="@routes.Assets.at("images/favicon.png")"> - <script src="@routes.Assets.at("javascripts/jquery-3.2.0.slim.js")" type="text/javascript"></script> - <script type="text/javascript" src="@routes.HomeController.javascriptRoutes"></script> + <script @{CSPNonce.attr} src="@routes.Assets.at("javascripts/jquery-3.2.0.slim.js")" type="text/javascript"></script> + <script @{CSPNonce.attr} type="text/javascript" src="@routes.HomeController.javascriptRoutes()"></script> </head> <body> @content diff --git a/play-java-streaming-example/build.sbt b/play-java-streaming-example/build.sbt index 98511600b..cc3afaad5 100644 --- a/play-java-streaming-example/build.sbt +++ b/play-java-streaming-example/build.sbt @@ -16,3 +16,8 @@ javacOptions ++= Seq( "-Xlint:deprecation", "-Werror" ) + +TwirlKeys.templateImports ++= Seq( + "play.mvc.Http.{ RequestHeader => JRequestHeader }", + "views.html.helper.CSPNonce" +) diff --git a/play-java-streaming-example/conf/routes b/play-java-streaming-example/conf/routes index 1d8ea9318..1626541eb 100644 --- a/play-java-streaming-example/conf/routes +++ b/play-java-streaming-example/conf/routes 
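Review bot: main.scala.html declares its implicit parameter as `play.api.mvc.RequestHeader`, while index, javacomet and javaeventsource declare `JRequestHeader`, the alias this commit adds to `TwirlKeys.templateImports` in build.sbt. The child templates already call `@{CSPNonce.attr}` with the Java type in scope, so the same declaration, `@(content: Html)(implicit request: JRequestHeader)`, would presumably work here too and keep the four signatures uniform. If the Scala type is intentional, a one-line Twirl comment saying that the layout relies on the Java-to-Scala request conversion would save the next reader the lookup.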
@@ -4,15 +4,15 @@ # Home page -GET / controllers.HomeController.index() +GET / controllers.HomeController.index(request: Request) -GET /java/comet controllers.JavaCometController.index() -GET /java/comet/liveClock controllers.JavaCometController.streamClock() +GET /java/comet controllers.JavaCometController.index(request: Request) +GET /java/comet/liveClock controllers.JavaCometController.streamClock(request: Request) -GET /java/eventSource controllers.JavaEventSourceController.index() +GET /java/eventSource controllers.JavaEventSourceController.index(request: Request) GET /java/eventSource/liveClock controllers.JavaEventSourceController.streamClock() -GET /javascriptRoutes controllers.HomeController.javascriptRoutes +GET /javascriptRoutes controllers.HomeController.javascriptRoutes(request: Request) # Map static resources from the /public folder to the /assets URL path GET /assets/*file controllers.Assets.at(path="/public", file) diff --git a/play-java-streaming-example/public/javascripts/eventsource.js b/play-java-streaming-example/public/javascripts/eventsource.js index 5c3d4e406..a0844911d 100644 --- a/play-java-streaming-example/public/javascripts/eventsource.js +++ b/play-java-streaming-example/public/javascripts/eventsource.js @@ -4,5 +4,5 @@ if (!!window.EventSource) { $('#clock').html(e.data.replace(/(\d)/g, '<span>$1</span>')) }); } else { - $("#clock").html("Sorry. This browser doesn't seem to support Server sent event. Check <a href='http://html5test.com/compare/feature/communication-eventSource.html'>html5test</a> for browser compatibility."); + $("#clock").html("Sorry. This browser doesn't seem to support Server sent event. Check <a href='https://html5test.com/compare/feature/communication.eventSource.html'>html5test</a> for browser compatibility."); }