SpringWebSecurityConfig.java

1 
package org.cardanofoundation.explorer.api.config;
2
3 
import org.springframework.context.annotation.Bean;
4 
import org.springframework.context.annotation.Configuration;
5 
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
6 
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
7 
import org.springframework.security.web.SecurityFilterChain;
8 
import org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter;
9
10 
@Configuration
11 
@EnableWebSecurity
12 
public class SpringWebSecurityConfig {
13 
  @Bean
14 
  public SecurityFilterChain filterChain(final HttpSecurity http) throws Exception {
15 
    http.csrf((csrf) -> csrf.disable())
16 
        .authorizeHttpRequests((matcherRegistry) -> matcherRegistry.anyRequest().permitAll())
17 
        .headers(
18 
            (headers) ->
19 
                headers
20 
                    .contentSecurityPolicy(
21 
                        (policy) ->
22 
                            policy.policyDirectives(
23 
                                "default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; img-src 'self' 'unsafe-inline'"))
24 
                    .referrerPolicy(
25 
                        (policy) ->
26 
                            policy.policy(ReferrerPolicyHeaderWriter.ReferrerPolicy.SAME_ORIGIN))
27 
                    .permissionsPolicy((policy) -> policy.policy("geolocation=(self)")));
28
29 1 1. filterChain : replaced return value with null for org/cardanofoundation/explorer/api/config/SpringWebSecurityConfig::filterChain → SURVIVED
 
    return http.build();
30 
  }
31 
}

Mutations

29

1.1
Location : filterChain
Killed by : none replaced return value with null for org/cardanofoundation/explorer/api/config/SpringWebSecurityConfig::filterChain → SURVIVED

Active mutators

Tests examined


Report generated by PIT 1.14.2