/**
* Check if CSP Header setting is already inherited from one.app (top level context) See
* https://www.w3.org/TR/CSP2/#which-policy-applies
*
* @param defDesc
* @param req
* @return true if CSP header setting can be skipped
*/
private boolean canSkipCSPHeader(final DefDescriptor<?> defDesc, final HttpServletRequest req) {
if (defDesc == null | req == null) {
return false;
}
// CSP inheritance is supported starting from CSP2
if (!isCSP2Supported(req)) {
return false;
}
final String descriptorName = defDesc.getDescriptorName();
if (!descriptorName.equals("one:one")) { // only skip while loading one.app
return false;
}
final String auraFormat = req.getParameter("aura.format");
if (auraFormat != null && auraFormat.equals("HTML")) {
return false;
}
// Skip one.app requests for non HTML content with already established aura context
final String auraContext = req.getParameter("aura.context");
if (auraContext != null) {
return true;
}
return false;
}
