struts
WW-5504 Allows to use request instead of session attribute to store nonce
WW-5504
I'm not sure if I missed something.
In DefaultCSPSettings, when creating the policy format, the nonce is always taken from the session:

```java
    // tail of the method that builds the policy format
    return format(policyFormatBuilder.toString(), getNonceString(request));
}

protected String getNonceString(HttpServletRequest request) {
    // the nonce is always read from the session here
    Object nonce = request.getSession().getAttribute(NONCE_KEY);
    return Objects.toString(nonce);
}
```
Thanks, fixed! Yet I'm not sure if this is a proper way to do it
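An added sketch, not code from this pull request or from Struts, of why the session-only reader quoted in the review comment above matters once the nonce can be stored on the request: the lookup finds nothing and `Objects.toString` turns that into the literal text `null`. Plain maps stand in for request and session attributes; `Scope`, `POLICY`, the `NONCE_KEY` value and the method names are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;

public class NonceScopeDemo {
    static final String NONCE_KEY = "nonce";               // key value assumed for this sketch
    static final String POLICY = "script-src 'nonce-%s'";  // constructed policy format

    enum Scope { SESSION, REQUEST }                         // hypothetical storage setting

    // Plain maps stand in for servlet request and session attributes.
    final Map<String, Object> request = new HashMap<>();
    final Map<String, Object> session = new HashMap<>();

    Map<String, Object> store(Scope scope) {
        return scope == Scope.REQUEST ? request : session;
    }

    void writeNonce(Scope scope) {
        byte[] raw = new byte[18];
        new SecureRandom().nextBytes(raw);
        store(scope).put(NONCE_KEY, Base64.getUrlEncoder().withoutPadding().encodeToString(raw));
    }

    // Same shape as the reader quoted in the comment: always looks in the session.
    String sessionOnlyNonce() {
        return Objects.toString(session.get(NONCE_KEY));
    }

    // Reads from the scope the nonce was written to and rejects a missing value.
    String scopedNonce(Scope scope) {
        Object nonce = store(scope).get(NONCE_KEY);
        if (nonce == null) {
            throw new IllegalStateException("no CSP nonce in " + scope + " scope");
        }
        return nonce.toString();
    }

    public static void main(String[] args) {
        NonceScopeDemo demo = new NonceScopeDemo();
        demo.writeNonce(Scope.REQUEST);
        // Objects.toString(null) is the text "null", so this policy carries a fixed value.
        System.out.println(String.format(POLICY, demo.sessionOnlyNonce()));
        System.out.println(String.format(POLICY, demo.scopedNonce(Scope.REQUEST)));
    }
}
```

Failing on a missing nonce, rather than formatting it into the header, keeps a scope mismatch visible in tests instead of shipping a policy whose nonce never changes.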
Quality Gate failed
Failed conditions
22 Security Hotspots
42.3% Coverage on New Code (required ≥ 80%)
3.4% Duplication on New Code (required ≤ 3%)
E Security Rating on New Code (required ≥ A)
E Reliability Rating on New Code (required ≥ A)
See analysis details on SonarQube Cloud