MediaFileServlet.java

  1. /*
  2.  * #%L
  3.  * wcm.io
  4.  * %%
  5.  * Copyright (C) 2014 wcm.io
  6.  * %%
  7.  * Licensed under the Apache License, Version 2.0 (the "License");
  8.  * you may not use this file except in compliance with the License.
  9.  * You may obtain a copy of the License at
  10.  *
  11.  *      http://www.apache.org/licenses/LICENSE-2.0
  12.  *
  13.  * Unless required by applicable law or agreed to in writing, software
  14.  * distributed under the License is distributed on an "AS IS" BASIS,
  15.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16.  * See the License for the specific language governing permissions and
  17.  * limitations under the License.
  18.  * #L%
  19.  */
  20. package io.wcm.handler.media.impl;

  22. import javax.servlet.Servlet;

  24. import org.apache.sling.api.SlingHttpServletResponse;
  25. import org.apache.sling.api.servlets.HttpConstants;
  26. import org.jetbrains.annotations.NotNull;
  27. import org.osgi.service.component.annotations.Activate;
  28. import org.osgi.service.component.annotations.Component;
  29. import org.osgi.service.metatype.annotations.AttributeDefinition;
  30. import org.osgi.service.metatype.annotations.Designate;
  31. import org.osgi.service.metatype.annotations.ObjectClassDefinition;

  33. import com.day.cq.commons.jcr.JcrConstants;

  35. /**
  36.  * Stream binary data stored in a nt:file or nt:resource node.
  37.  * Optional support for Content-Disposition header ("download_attachment").
  38.  */
  39. @Component(service = Servlet.class, immediate = true, property = {
  40.     "sling.servlet.extensions=" + MediaFileServletConstants.EXTENSION,
  41.     "sling.servlet.selectors=" + MediaFileServletConstants.SELECTOR,
  42.     "sling.servlet.resourceTypes=" + JcrConstants.NT_FILE,
  43.     "sling.servlet.resourceTypes=" + JcrConstants.NT_RESOURCE,
  44.     "sling.servlet.methods=" + HttpConstants.METHOD_GET
  45. })
  46. @Designate(ocd = MediaFileServlet.Config.class)
  47. public final class MediaFileServlet extends AbstractMediaFileServlet {
  48.   private static final long serialVersionUID = 1L;

  50.   private boolean svgContentSecurityPolicy;

  52.   @ObjectClassDefinition(
  53.       name = "wcm.io Media Handler Media File Servlet",
  54.       description = "Configures delivery of media file binaries.")
  55.   @interface Config {

  57.     @AttributeDefinition(
  58.         name = "SVG Content Security Policy",
  59.         description = "Apply XSS protection when serving SVG files by setting Content-Security-Policy to 'sandbox'.")
  60.     boolean svgContentSecurityPolicy() default true;

  62.   }

  64.   @Activate
  65.   private void activate(Config config) {
  66.     this.svgContentSecurityPolicy = config.svgContentSecurityPolicy();
  67.   }

  69.   @Override
  70.   protected void setSVGContentSecurityPolicy(@NotNull SlingHttpServletResponse response) {
  71.     if (this.svgContentSecurityPolicy) {
  72.       super.setSVGContentSecurityPolicy(response);
  73.     }
  74.   }

  76. }
Created with JaCoCo 0.8.13.202504020838