diff --git a/modules/swagger-codegen/src/main/resources/JavaPlayFramework/application.mustache b/modules/swagger-codegen/src/main/resources/JavaPlayFramework/application.mustache index fb9e96a91f3..c8a2d02d746 100644 --- a/modules/swagger-codegen/src/main/resources/JavaPlayFramework/application.mustache +++ b/modules/swagger-codegen/src/main/resources/JavaPlayFramework/application.mustache @@ -15,6 +15,8 @@ # HOCON will fall back to substituting environment variable: #mykey = ${JAVA_HOME} +play.filters.headers.contentSecurityPolicy=null + {{#handleExceptions}} play.http.errorHandler="swagger.ErrorHandler" {{/handleExceptions}} @@ -44,7 +46,7 @@ akka { # ~~~~~ # The secret key is used to sign Play's session cookie. # This must be changed for production, but we don't recommend you change it in this file. -play.crypto.secret = "changeme" +play.http.secret.key = "changeme" ## Modules # https://www.playframework.com/documentation/latest/Modules @@ -69,6 +71,11 @@ play.modules { {{/useInterfaces}} } +play.assets { +path = "/public" +urlPrefix = "/assets" +} + ## IDE # https://www.playframework.com/documentation/latest/IDE # ~~~~~ @@ -268,7 +275,8 @@ csrf { # ~~~~~ # Defines security headers that prevent XSS attacks. # If enabled, then all options are set to the below configuration by default: -headers { +play.filters.headers { + # The X-Frame-Options header. If null, the header is not set. #frameOptions = "DENY" @@ -282,7 +290,13 @@ headers { #permittedCrossDomainPolicies = "master-only" # The Content-Security-Policy header. If null, the header is not set. -#contentSecurityPolicy = "default-src 'self'" +contentSecurityPolicy = "default-src 'self'" + +# The Referrer-Policy header. If null, the header is not set. +#referrerPolicy = "origin-when-cross-origin, strict-origin-when-cross-origin" + +# If true, allow an action to use .withHeaders to replace one or more of the above headers +#allowActionSpecificHeaders = false } ## Allowed hosts filter configuration diff --git a/modules/swagger-codegen/src/main/resources/JavaPlayFramework/build.mustache b/modules/swagger-codegen/src/main/resources/JavaPlayFramework/build.mustache index 1eaed53ddb3..cf57cb439ef 100644 --- a/modules/swagger-codegen/src/main/resources/JavaPlayFramework/build.mustache +++ b/modules/swagger-codegen/src/main/resources/JavaPlayFramework/build.mustache @@ -4,11 +4,12 @@ version := "1.0-SNAPSHOT" lazy val root = (project in file(".")).enablePlugins(PlayJava) -scalaVersion := "2.11.7" +scalaVersion := "2.12.2" {{#useSwaggerUI}} -libraryDependencies += "org.webjars" % "swagger-ui" % "2.2.10-1" +libraryDependencies += "org.webjars" % "swagger-ui" % "3.1.5" {{/useSwaggerUI}} {{#useBeanValidation}} libraryDependencies += "javax.validation" % "validation-api" % "1.1.0.Final" {{/useBeanValidation}} +libraryDependencies += guice diff --git a/modules/swagger-codegen/src/main/resources/JavaPlayFramework/buildproperties.mustache b/modules/swagger-codegen/src/main/resources/JavaPlayFramework/buildproperties.mustache index 59e7c05b62f..cf19fd026fd 100644 --- a/modules/swagger-codegen/src/main/resources/JavaPlayFramework/buildproperties.mustache +++ b/modules/swagger-codegen/src/main/resources/JavaPlayFramework/buildproperties.mustache @@ -1 +1 @@ -sbt.version=0.13.11 \ No newline at end of file +sbt.version=0.13.15 \ No newline at end of file diff --git a/modules/swagger-codegen/src/main/resources/JavaPlayFramework/plugins.mustache b/modules/swagger-codegen/src/main/resources/JavaPlayFramework/plugins.mustache index ea1f1061fbc..66fbf368ae6 100644 --- a/modules/swagger-codegen/src/main/resources/JavaPlayFramework/plugins.mustache +++ b/modules/swagger-codegen/src/main/resources/JavaPlayFramework/plugins.mustache @@ -1,2 +1,2 @@ // The Play plugin -addSbtPlugin("com.typesafe.play" % "sbt-plugin" % "2.5.13") +addSbtPlugin("com.typesafe.play" % "sbt-plugin" % "2.6.3") diff --git a/modules/swagger-codegen/src/main/resources/JavaPlayFramework/routes.mustache b/modules/swagger-codegen/src/main/resources/JavaPlayFramework/routes.mustache index 9932b658857..8303ec77af3 100644 --- a/modules/swagger-codegen/src/main/resources/JavaPlayFramework/routes.mustache +++ b/modules/swagger-codegen/src/main/resources/JavaPlayFramework/routes.mustache @@ -19,4 +19,5 @@ GET /api controllers.ApiDocController.api {{/apiInfo}} # Map static resources from the /public folder to the /assets URL path -GET /assets/*file controllers.Assets.versioned(path="/public", file: Asset) \ No newline at end of file +GET /assets/*file controllers.Assets.at(file) +GET /versionedAssets/*file controllers.Assets.versioned(file) \ No newline at end of file diff --git a/samples/server/petstore/java-play-framework-controller-only/build.sbt b/samples/server/petstore/java-play-framework-controller-only/build.sbt index 27d03e3eef0..e425cf8cfe6 100644 --- a/samples/server/petstore/java-play-framework-controller-only/build.sbt +++ b/samples/server/petstore/java-play-framework-controller-only/build.sbt @@ -4,7 +4,8 @@ version := "1.0-SNAPSHOT" lazy val root = (project in file(".")).enablePlugins(PlayJava) -scalaVersion := "2.11.7" +scalaVersion := "2.12.2" -libraryDependencies += "org.webjars" % "swagger-ui" % "2.2.10-1" +libraryDependencies += "org.webjars" % "swagger-ui" % "3.1.5" libraryDependencies += "javax.validation" % "validation-api" % "1.1.0.Final" +libraryDependencies += guice diff --git a/samples/server/petstore/java-play-framework-controller-only/conf/application.conf b/samples/server/petstore/java-play-framework-controller-only/conf/application.conf index 76b600f75f7..514ce684a77 100644 --- a/samples/server/petstore/java-play-framework-controller-only/conf/application.conf +++ b/samples/server/petstore/java-play-framework-controller-only/conf/application.conf @@ -15,6 +15,8 @@ # HOCON will fall back to substituting environment variable: #mykey = ${JAVA_HOME} +play.filters.headers.contentSecurityPolicy=null + play.http.errorHandler="swagger.ErrorHandler" ## Akka @@ -42,7 +44,7 @@ akka { # ~~~~~ # The secret key is used to sign Play's session cookie. # This must be changed for production, but we don't recommend you change it in this file. -play.crypto.secret = "changeme" +play.http.secret.key = "changeme" ## Modules # https://www.playframework.com/documentation/latest/Modules @@ -62,6 +64,11 @@ play.modules { disabled += "Module" } +play.assets { +path = "/public" +urlPrefix = "/assets" +} + ## IDE # https://www.playframework.com/documentation/latest/IDE # ~~~~~ @@ -261,7 +268,8 @@ csrf { # ~~~~~ # Defines security headers that prevent XSS attacks. # If enabled, then all options are set to the below configuration by default: -headers { +play.filters.headers { + # The X-Frame-Options header. If null, the header is not set. #frameOptions = "DENY" @@ -275,7 +283,13 @@ headers { #permittedCrossDomainPolicies = "master-only" # The Content-Security-Policy header. If null, the header is not set. -#contentSecurityPolicy = "default-src 'self'" +contentSecurityPolicy = "default-src 'self'" + +# The Referrer-Policy header. If null, the header is not set. +#referrerPolicy = "origin-when-cross-origin, strict-origin-when-cross-origin" + +# If true, allow an action to use .withHeaders to replace one or more of the above headers +#allowActionSpecificHeaders = false } ## Allowed hosts filter configuration diff --git a/samples/server/petstore/java-play-framework-controller-only/conf/routes b/samples/server/petstore/java-play-framework-controller-only/conf/routes index 48682c4ba2e..775497a59fc 100644 --- a/samples/server/petstore/java-play-framework-controller-only/conf/routes +++ b/samples/server/petstore/java-play-framework-controller-only/conf/routes @@ -32,4 +32,5 @@ GET /v2/user/logout controllers.UserApiController.logout PUT /v2/user/:username controllers.UserApiController.updateUser(username: String) # Map static resources from the /public folder to the /assets URL path -GET /assets/*file controllers.Assets.versioned(path="/public", file: Asset) \ No newline at end of file +GET /assets/*file controllers.Assets.at(file) +GET /versionedAssets/*file controllers.Assets.versioned(file) \ No newline at end of file diff --git a/samples/server/petstore/java-play-framework-controller-only/project/build.properties b/samples/server/petstore/java-play-framework-controller-only/project/build.properties index 59e7c05b62f..cf19fd026fd 100644 --- a/samples/server/petstore/java-play-framework-controller-only/project/build.properties +++ b/samples/server/petstore/java-play-framework-controller-only/project/build.properties @@ -1 +1 @@ -sbt.version=0.13.11 \ No newline at end of file +sbt.version=0.13.15 \ No newline at end of file diff --git a/samples/server/petstore/java-play-framework-controller-only/project/plugins.sbt b/samples/server/petstore/java-play-framework-controller-only/project/plugins.sbt index ea1f1061fbc..66fbf368ae6 100644 --- a/samples/server/petstore/java-play-framework-controller-only/project/plugins.sbt +++ b/samples/server/petstore/java-play-framework-controller-only/project/plugins.sbt @@ -1,2 +1,2 @@ // The Play plugin -addSbtPlugin("com.typesafe.play" % "sbt-plugin" % "2.5.13") +addSbtPlugin("com.typesafe.play" % "sbt-plugin" % "2.6.3") diff --git a/samples/server/petstore/java-play-framework-fake-endpoints/build.sbt b/samples/server/petstore/java-play-framework-fake-endpoints/build.sbt index 27d03e3eef0..e425cf8cfe6 100644 --- a/samples/server/petstore/java-play-framework-fake-endpoints/build.sbt +++ b/samples/server/petstore/java-play-framework-fake-endpoints/build.sbt @@ -4,7 +4,8 @@ version := "1.0-SNAPSHOT" lazy val root = (project in file(".")).enablePlugins(PlayJava) -scalaVersion := "2.11.7" +scalaVersion := "2.12.2" -libraryDependencies += "org.webjars" % "swagger-ui" % "2.2.10-1" +libraryDependencies += "org.webjars" % "swagger-ui" % "3.1.5" libraryDependencies += "javax.validation" % "validation-api" % "1.1.0.Final" +libraryDependencies += guice diff --git a/samples/server/petstore/java-play-framework-fake-endpoints/conf/application.conf b/samples/server/petstore/java-play-framework-fake-endpoints/conf/application.conf index dd23556671a..a361b74d38e 100644 --- a/samples/server/petstore/java-play-framework-fake-endpoints/conf/application.conf +++ b/samples/server/petstore/java-play-framework-fake-endpoints/conf/application.conf @@ -15,6 +15,8 @@ # HOCON will fall back to substituting environment variable: #mykey = ${JAVA_HOME} +play.filters.headers.contentSecurityPolicy=null + play.http.errorHandler="swagger.ErrorHandler" ## Akka @@ -42,7 +44,7 @@ akka { # ~~~~~ # The secret key is used to sign Play's session cookie. # This must be changed for production, but we don't recommend you change it in this file. -play.crypto.secret = "changeme" +play.http.secret.key = "changeme" ## Modules # https://www.playframework.com/documentation/latest/Modules @@ -61,6 +63,11 @@ play.modules { # If there are any built-in modules that you want to disable, you can list them here. } +play.assets { +path = "/public" +urlPrefix = "/assets" +} + ## IDE # https://www.playframework.com/documentation/latest/IDE # ~~~~~ @@ -260,7 +267,8 @@ csrf { # ~~~~~ # Defines security headers that prevent XSS attacks. # If enabled, then all options are set to the below configuration by default: -headers { +play.filters.headers { + # The X-Frame-Options header. If null, the header is not set. #frameOptions = "DENY" @@ -274,7 +282,13 @@ headers { #permittedCrossDomainPolicies = "master-only" # The Content-Security-Policy header. If null, the header is not set. -#contentSecurityPolicy = "default-src 'self'" +contentSecurityPolicy = "default-src 'self'" + +# The Referrer-Policy header. If null, the header is not set. +#referrerPolicy = "origin-when-cross-origin, strict-origin-when-cross-origin" + +# If true, allow an action to use .withHeaders to replace one or more of the above headers +#allowActionSpecificHeaders = false } ## Allowed hosts filter configuration diff --git a/samples/server/petstore/java-play-framework-fake-endpoints/conf/routes b/samples/server/petstore/java-play-framework-fake-endpoints/conf/routes index 2cfbe460512..26b70790d0a 100644 --- a/samples/server/petstore/java-play-framework-fake-endpoints/conf/routes +++ b/samples/server/petstore/java-play-framework-fake-endpoints/conf/routes @@ -45,4 +45,5 @@ GET /v2/user/logout controllers.UserApiController.logout PUT /v2/user/:username controllers.UserApiController.updateUser(username: String) # Map static resources from the /public folder to the /assets URL path -GET /assets/*file controllers.Assets.versioned(path="/public", file: Asset) \ No newline at end of file +GET /assets/*file controllers.Assets.at(file) +GET /versionedAssets/*file controllers.Assets.versioned(file) \ No newline at end of file diff --git a/samples/server/petstore/java-play-framework-fake-endpoints/project/build.properties b/samples/server/petstore/java-play-framework-fake-endpoints/project/build.properties index 59e7c05b62f..cf19fd026fd 100644 --- a/samples/server/petstore/java-play-framework-fake-endpoints/project/build.properties +++ b/samples/server/petstore/java-play-framework-fake-endpoints/project/build.properties @@ -1 +1 @@ -sbt.version=0.13.11 \ No newline at end of file +sbt.version=0.13.15 \ No newline at end of file diff --git a/samples/server/petstore/java-play-framework-fake-endpoints/project/plugins.sbt b/samples/server/petstore/java-play-framework-fake-endpoints/project/plugins.sbt index ea1f1061fbc..66fbf368ae6 100644 --- a/samples/server/petstore/java-play-framework-fake-endpoints/project/plugins.sbt +++ b/samples/server/petstore/java-play-framework-fake-endpoints/project/plugins.sbt @@ -1,2 +1,2 @@ // The Play plugin -addSbtPlugin("com.typesafe.play" % "sbt-plugin" % "2.5.13") +addSbtPlugin("com.typesafe.play" % "sbt-plugin" % "2.6.3") diff --git a/samples/server/petstore/java-play-framework-no-bean-validation/build.sbt b/samples/server/petstore/java-play-framework-no-bean-validation/build.sbt index 4eb7ed94065..bf4cadd8710 100644 --- a/samples/server/petstore/java-play-framework-no-bean-validation/build.sbt +++ b/samples/server/petstore/java-play-framework-no-bean-validation/build.sbt @@ -4,6 +4,7 @@ version := "1.0-SNAPSHOT" lazy val root = (project in file(".")).enablePlugins(PlayJava) -scalaVersion := "2.11.7" +scalaVersion := "2.12.2" -libraryDependencies += "org.webjars" % "swagger-ui" % "2.2.10-1" +libraryDependencies += "org.webjars" % "swagger-ui" % "3.1.5" +libraryDependencies += guice diff --git a/samples/server/petstore/java-play-framework-no-bean-validation/conf/application.conf b/samples/server/petstore/java-play-framework-no-bean-validation/conf/application.conf index dd23556671a..a361b74d38e 100644 --- a/samples/server/petstore/java-play-framework-no-bean-validation/conf/application.conf +++ b/samples/server/petstore/java-play-framework-no-bean-validation/conf/application.conf @@ -15,6 +15,8 @@ # HOCON will fall back to substituting environment variable: #mykey = ${JAVA_HOME} +play.filters.headers.contentSecurityPolicy=null + play.http.errorHandler="swagger.ErrorHandler" ## Akka @@ -42,7 +44,7 @@ akka { # ~~~~~ # The secret key is used to sign Play's session cookie. # This must be changed for production, but we don't recommend you change it in this file. -play.crypto.secret = "changeme" +play.http.secret.key = "changeme" ## Modules # https://www.playframework.com/documentation/latest/Modules @@ -61,6 +63,11 @@ play.modules { # If there are any built-in modules that you want to disable, you can list them here. } +play.assets { +path = "/public" +urlPrefix = "/assets" +} + ## IDE # https://www.playframework.com/documentation/latest/IDE # ~~~~~ @@ -260,7 +267,8 @@ csrf { # ~~~~~ # Defines security headers that prevent XSS attacks. # If enabled, then all options are set to the below configuration by default: -headers { +play.filters.headers { + # The X-Frame-Options header. If null, the header is not set. #frameOptions = "DENY" @@ -274,7 +282,13 @@ headers { #permittedCrossDomainPolicies = "master-only" # The Content-Security-Policy header. If null, the header is not set. -#contentSecurityPolicy = "default-src 'self'" +contentSecurityPolicy = "default-src 'self'" + +# The Referrer-Policy header. If null, the header is not set. +#referrerPolicy = "origin-when-cross-origin, strict-origin-when-cross-origin" + +# If true, allow an action to use .withHeaders to replace one or more of the above headers +#allowActionSpecificHeaders = false } ## Allowed hosts filter configuration diff --git a/samples/server/petstore/java-play-framework-no-bean-validation/conf/routes b/samples/server/petstore/java-play-framework-no-bean-validation/conf/routes index 48682c4ba2e..775497a59fc 100644 --- a/samples/server/petstore/java-play-framework-no-bean-validation/conf/routes +++ b/samples/server/petstore/java-play-framework-no-bean-validation/conf/routes @@ -32,4 +32,5 @@ GET /v2/user/logout controllers.UserApiController.logout PUT /v2/user/:username controllers.UserApiController.updateUser(username: String) # Map static resources from the /public folder to the /assets URL path -GET /assets/*file controllers.Assets.versioned(path="/public", file: Asset) \ No newline at end of file +GET /assets/*file controllers.Assets.at(file) +GET /versionedAssets/*file controllers.Assets.versioned(file) \ No newline at end of file diff --git a/samples/server/petstore/java-play-framework-no-bean-validation/project/build.properties b/samples/server/petstore/java-play-framework-no-bean-validation/project/build.properties index 59e7c05b62f..cf19fd026fd 100644 --- a/samples/server/petstore/java-play-framework-no-bean-validation/project/build.properties +++ b/samples/server/petstore/java-play-framework-no-bean-validation/project/build.properties @@ -1 +1 @@ -sbt.version=0.13.11 \ No newline at end of file +sbt.version=0.13.15 \ No newline at end of file diff --git a/samples/server/petstore/java-play-framework-no-bean-validation/project/plugins.sbt b/samples/server/petstore/java-play-framework-no-bean-validation/project/plugins.sbt index ea1f1061fbc..66fbf368ae6 100644 --- a/samples/server/petstore/java-play-framework-no-bean-validation/project/plugins.sbt +++ b/samples/server/petstore/java-play-framework-no-bean-validation/project/plugins.sbt @@ -1,2 +1,2 @@ // The Play plugin -addSbtPlugin("com.typesafe.play" % "sbt-plugin" % "2.5.13") +addSbtPlugin("com.typesafe.play" % "sbt-plugin" % "2.6.3") diff --git a/samples/server/petstore/java-play-framework-no-exception-handling/build.sbt b/samples/server/petstore/java-play-framework-no-exception-handling/build.sbt index 27d03e3eef0..e425cf8cfe6 100644 --- a/samples/server/petstore/java-play-framework-no-exception-handling/build.sbt +++ b/samples/server/petstore/java-play-framework-no-exception-handling/build.sbt @@ -4,7 +4,8 @@ version := "1.0-SNAPSHOT" lazy val root = (project in file(".")).enablePlugins(PlayJava) -scalaVersion := "2.11.7" +scalaVersion := "2.12.2" -libraryDependencies += "org.webjars" % "swagger-ui" % "2.2.10-1" +libraryDependencies += "org.webjars" % "swagger-ui" % "3.1.5" libraryDependencies += "javax.validation" % "validation-api" % "1.1.0.Final" +libraryDependencies += guice diff --git a/samples/server/petstore/java-play-framework-no-exception-handling/conf/application.conf b/samples/server/petstore/java-play-framework-no-exception-handling/conf/application.conf index 4e5ba9fbc8b..9b6a9566c96 100644 --- a/samples/server/petstore/java-play-framework-no-exception-handling/conf/application.conf +++ b/samples/server/petstore/java-play-framework-no-exception-handling/conf/application.conf @@ -15,6 +15,8 @@ # HOCON will fall back to substituting environment variable: #mykey = ${JAVA_HOME} +play.filters.headers.contentSecurityPolicy=null + ## Akka # https://www.playframework.com/documentation/latest/ScalaAkka#Configuration @@ -41,7 +43,7 @@ akka { # ~~~~~ # The secret key is used to sign Play's session cookie. # This must be changed for production, but we don't recommend you change it in this file. -play.crypto.secret = "changeme" +play.http.secret.key = "changeme" ## Modules # https://www.playframework.com/documentation/latest/Modules @@ -60,6 +62,11 @@ play.modules { # If there are any built-in modules that you want to disable, you can list them here. } +play.assets { +path = "/public" +urlPrefix = "/assets" +} + ## IDE # https://www.playframework.com/documentation/latest/IDE # ~~~~~ @@ -259,7 +266,8 @@ csrf { # ~~~~~ # Defines security headers that prevent XSS attacks. # If enabled, then all options are set to the below configuration by default: -headers { +play.filters.headers { + # The X-Frame-Options header. If null, the header is not set. #frameOptions = "DENY" @@ -273,7 +281,13 @@ headers { #permittedCrossDomainPolicies = "master-only" # The Content-Security-Policy header. If null, the header is not set. -#contentSecurityPolicy = "default-src 'self'" +contentSecurityPolicy = "default-src 'self'" + +# The Referrer-Policy header. If null, the header is not set. +#referrerPolicy = "origin-when-cross-origin, strict-origin-when-cross-origin" + +# If true, allow an action to use .withHeaders to replace one or more of the above headers +#allowActionSpecificHeaders = false } ## Allowed hosts filter configuration diff --git a/samples/server/petstore/java-play-framework-no-exception-handling/conf/routes b/samples/server/petstore/java-play-framework-no-exception-handling/conf/routes index 48682c4ba2e..775497a59fc 100644 --- a/samples/server/petstore/java-play-framework-no-exception-handling/conf/routes +++ b/samples/server/petstore/java-play-framework-no-exception-handling/conf/routes @@ -32,4 +32,5 @@ GET /v2/user/logout controllers.UserApiController.logout PUT /v2/user/:username controllers.UserApiController.updateUser(username: String) # Map static resources from the /public folder to the /assets URL path -GET /assets/*file controllers.Assets.versioned(path="/public", file: Asset) \ No newline at end of file +GET /assets/*file controllers.Assets.at(file) +GET /versionedAssets/*file controllers.Assets.versioned(file) \ No newline at end of file diff --git a/samples/server/petstore/java-play-framework-no-exception-handling/project/build.properties b/samples/server/petstore/java-play-framework-no-exception-handling/project/build.properties index 59e7c05b62f..cf19fd026fd 100644 --- a/samples/server/petstore/java-play-framework-no-exception-handling/project/build.properties +++ b/samples/server/petstore/java-play-framework-no-exception-handling/project/build.properties @@ -1 +1 @@ -sbt.version=0.13.11 \ No newline at end of file +sbt.version=0.13.15 \ No newline at end of file diff --git a/samples/server/petstore/java-play-framework-no-exception-handling/project/plugins.sbt b/samples/server/petstore/java-play-framework-no-exception-handling/project/plugins.sbt index ea1f1061fbc..66fbf368ae6 100644 --- a/samples/server/petstore/java-play-framework-no-exception-handling/project/plugins.sbt +++ b/samples/server/petstore/java-play-framework-no-exception-handling/project/plugins.sbt @@ -1,2 +1,2 @@ // The Play plugin -addSbtPlugin("com.typesafe.play" % "sbt-plugin" % "2.5.13") +addSbtPlugin("com.typesafe.play" % "sbt-plugin" % "2.6.3") diff --git a/samples/server/petstore/java-play-framework-no-interface/build.sbt b/samples/server/petstore/java-play-framework-no-interface/build.sbt index 27d03e3eef0..e425cf8cfe6 100644 --- a/samples/server/petstore/java-play-framework-no-interface/build.sbt +++ b/samples/server/petstore/java-play-framework-no-interface/build.sbt @@ -4,7 +4,8 @@ version := "1.0-SNAPSHOT" lazy val root = (project in file(".")).enablePlugins(PlayJava) -scalaVersion := "2.11.7" +scalaVersion := "2.12.2" -libraryDependencies += "org.webjars" % "swagger-ui" % "2.2.10-1" +libraryDependencies += "org.webjars" % "swagger-ui" % "3.1.5" libraryDependencies += "javax.validation" % "validation-api" % "1.1.0.Final" +libraryDependencies += guice diff --git a/samples/server/petstore/java-play-framework-no-interface/conf/application.conf b/samples/server/petstore/java-play-framework-no-interface/conf/application.conf index 76b600f75f7..514ce684a77 100644 --- a/samples/server/petstore/java-play-framework-no-interface/conf/application.conf +++ b/samples/server/petstore/java-play-framework-no-interface/conf/application.conf @@ -15,6 +15,8 @@ # HOCON will fall back to substituting environment variable: #mykey = ${JAVA_HOME} +play.filters.headers.contentSecurityPolicy=null + play.http.errorHandler="swagger.ErrorHandler" ## Akka @@ -42,7 +44,7 @@ akka { # ~~~~~ # The secret key is used to sign Play's session cookie. # This must be changed for production, but we don't recommend you change it in this file. -play.crypto.secret = "changeme" +play.http.secret.key = "changeme" ## Modules # https://www.playframework.com/documentation/latest/Modules @@ -62,6 +64,11 @@ play.modules { disabled += "Module" } +play.assets { +path = "/public" +urlPrefix = "/assets" +} + ## IDE # https://www.playframework.com/documentation/latest/IDE # ~~~~~ @@ -261,7 +268,8 @@ csrf { # ~~~~~ # Defines security headers that prevent XSS attacks. # If enabled, then all options are set to the below configuration by default: -headers { +play.filters.headers { + # The X-Frame-Options header. If null, the header is not set. #frameOptions = "DENY" @@ -275,7 +283,13 @@ headers { #permittedCrossDomainPolicies = "master-only" # The Content-Security-Policy header. If null, the header is not set. -#contentSecurityPolicy = "default-src 'self'" +contentSecurityPolicy = "default-src 'self'" + +# The Referrer-Policy header. If null, the header is not set. +#referrerPolicy = "origin-when-cross-origin, strict-origin-when-cross-origin" + +# If true, allow an action to use .withHeaders to replace one or more of the above headers +#allowActionSpecificHeaders = false } ## Allowed hosts filter configuration diff --git a/samples/server/petstore/java-play-framework-no-interface/conf/routes b/samples/server/petstore/java-play-framework-no-interface/conf/routes index 48682c4ba2e..775497a59fc 100644 --- a/samples/server/petstore/java-play-framework-no-interface/conf/routes +++ b/samples/server/petstore/java-play-framework-no-interface/conf/routes @@ -32,4 +32,5 @@ GET /v2/user/logout controllers.UserApiController.logout PUT /v2/user/:username controllers.UserApiController.updateUser(username: String) # Map static resources from the /public folder to the /assets URL path -GET /assets/*file controllers.Assets.versioned(path="/public", file: Asset) \ No newline at end of file +GET /assets/*file controllers.Assets.at(file) +GET /versionedAssets/*file controllers.Assets.versioned(file) \ No newline at end of file diff --git a/samples/server/petstore/java-play-framework-no-interface/logs/application.log b/samples/server/petstore/java-play-framework-no-interface/logs/application.log index 029a73a780c..df5a5fe5d68 100644 --- a/samples/server/petstore/java-play-framework-no-interface/logs/application.log +++ b/samples/server/petstore/java-play-framework-no-interface/logs/application.log @@ -1 +1,19 @@ -2017-08-09 12:45:42,656 [INFO] from play.api.Play in ForkJoinPool-1-worker-1 - Application started (Dev) +2017-08-22 11:19:05,148 [INFO] from play.api.http.EnabledFilters in play-dev-mode-akka.actor.default-dispatcher-4 - Enabled Filters (see ): + + play.filters.csrf.CSRFFilter + play.filters.headers.SecurityHeadersFilter + play.filters.hosts.AllowedHostsFilter + +2017-08-22 11:19:05,151 [INFO] from play.api.Play in play-dev-mode-akka.actor.default-dispatcher-4 - Application started (Dev) +2017-08-22 11:19:05,274 [WARN] from play.api.mvc.DefaultJWTCookieDataCodec in play-dev-mode-akka.actor.default-dispatcher-4 - decode: cookie has invalid signature! message = JWT signature does not match locally computed signature. JWT validity cannot be asserted and should not be trusted. +2017-08-22 11:19:05,275 [INFO] from play.api.mvc.DefaultJWTCookieDataCodec in play-dev-mode-akka.actor.default-dispatcher-4 - The JWT signature in the cookie does not match the locally computed signature with the server. +This usually indicates the browser has a leftover cookie from another Play application, +so clearing cookies may resolve this error message. +2017-08-22 11:19:12,122 [WARN] from play.api.mvc.DefaultJWTCookieDataCodec in play-dev-mode-akka.actor.default-dispatcher-4 - decode: cookie has invalid signature! message = JWT signature does not match locally computed signature. JWT validity cannot be asserted and should not be trusted. +2017-08-22 11:19:12,122 [INFO] from play.api.mvc.DefaultJWTCookieDataCodec in play-dev-mode-akka.actor.default-dispatcher-4 - The JWT signature in the cookie does not match the locally computed signature with the server. +This usually indicates the browser has a leftover cookie from another Play application, +so clearing cookies may resolve this error message. +2017-08-22 11:19:12,173 [WARN] from play.api.mvc.DefaultJWTCookieDataCodec in play-dev-mode-akka.actor.default-dispatcher-4 - decode: cookie has invalid signature! message = JWT signature does not match locally computed signature. JWT validity cannot be asserted and should not be trusted. +2017-08-22 11:19:12,173 [INFO] from play.api.mvc.DefaultJWTCookieDataCodec in play-dev-mode-akka.actor.default-dispatcher-4 - The JWT signature in the cookie does not match the locally computed signature with the server. +This usually indicates the browser has a leftover cookie from another Play application, +so clearing cookies may resolve this error message. diff --git a/samples/server/petstore/java-play-framework-no-interface/project/build.properties b/samples/server/petstore/java-play-framework-no-interface/project/build.properties index 59e7c05b62f..cf19fd026fd 100644 --- a/samples/server/petstore/java-play-framework-no-interface/project/build.properties +++ b/samples/server/petstore/java-play-framework-no-interface/project/build.properties @@ -1 +1 @@ -sbt.version=0.13.11 \ No newline at end of file +sbt.version=0.13.15 \ No newline at end of file diff --git a/samples/server/petstore/java-play-framework-no-interface/project/plugins.sbt b/samples/server/petstore/java-play-framework-no-interface/project/plugins.sbt index ea1f1061fbc..66fbf368ae6 100644 --- a/samples/server/petstore/java-play-framework-no-interface/project/plugins.sbt +++ b/samples/server/petstore/java-play-framework-no-interface/project/plugins.sbt @@ -1,2 +1,2 @@ // The Play plugin -addSbtPlugin("com.typesafe.play" % "sbt-plugin" % "2.5.13") +addSbtPlugin("com.typesafe.play" % "sbt-plugin" % "2.6.3") diff --git a/samples/server/petstore/java-play-framework-no-swagger-ui/build.sbt b/samples/server/petstore/java-play-framework-no-swagger-ui/build.sbt index 71ae306e016..ea1cf2610da 100644 --- a/samples/server/petstore/java-play-framework-no-swagger-ui/build.sbt +++ b/samples/server/petstore/java-play-framework-no-swagger-ui/build.sbt @@ -4,6 +4,7 @@ version := "1.0-SNAPSHOT" lazy val root = (project in file(".")).enablePlugins(PlayJava) -scalaVersion := "2.11.7" +scalaVersion := "2.12.2" libraryDependencies += "javax.validation" % "validation-api" % "1.1.0.Final" +libraryDependencies += guice diff --git a/samples/server/petstore/java-play-framework-no-swagger-ui/conf/application.conf b/samples/server/petstore/java-play-framework-no-swagger-ui/conf/application.conf index dd23556671a..a361b74d38e 100644 --- a/samples/server/petstore/java-play-framework-no-swagger-ui/conf/application.conf +++ b/samples/server/petstore/java-play-framework-no-swagger-ui/conf/application.conf @@ -15,6 +15,8 @@ # HOCON will fall back to substituting environment variable: #mykey = ${JAVA_HOME} +play.filters.headers.contentSecurityPolicy=null + play.http.errorHandler="swagger.ErrorHandler" ## Akka @@ -42,7 +44,7 @@ akka { # ~~~~~ # The secret key is used to sign Play's session cookie. # This must be changed for production, but we don't recommend you change it in this file. -play.crypto.secret = "changeme" +play.http.secret.key = "changeme" ## Modules # https://www.playframework.com/documentation/latest/Modules @@ -61,6 +63,11 @@ play.modules { # If there are any built-in modules that you want to disable, you can list them here. } +play.assets { +path = "/public" +urlPrefix = "/assets" +} + ## IDE # https://www.playframework.com/documentation/latest/IDE # ~~~~~ @@ -260,7 +267,8 @@ csrf { # ~~~~~ # Defines security headers that prevent XSS attacks. # If enabled, then all options are set to the below configuration by default: -headers { +play.filters.headers { + # The X-Frame-Options header. If null, the header is not set. #frameOptions = "DENY" @@ -274,7 +282,13 @@ headers { #permittedCrossDomainPolicies = "master-only" # The Content-Security-Policy header. If null, the header is not set. -#contentSecurityPolicy = "default-src 'self'" +contentSecurityPolicy = "default-src 'self'" + +# The Referrer-Policy header. If null, the header is not set. +#referrerPolicy = "origin-when-cross-origin, strict-origin-when-cross-origin" + +# If true, allow an action to use .withHeaders to replace one or more of the above headers +#allowActionSpecificHeaders = false } ## Allowed hosts filter configuration diff --git a/samples/server/petstore/java-play-framework-no-swagger-ui/conf/routes b/samples/server/petstore/java-play-framework-no-swagger-ui/conf/routes index 2263b75b92e..faa1a4f028f 100644 --- a/samples/server/petstore/java-play-framework-no-swagger-ui/conf/routes +++ b/samples/server/petstore/java-play-framework-no-swagger-ui/conf/routes @@ -31,4 +31,5 @@ GET /v2/user/logout controllers.UserApiController.logout PUT /v2/user/:username controllers.UserApiController.updateUser(username: String) # Map static resources from the /public folder to the /assets URL path -GET /assets/*file controllers.Assets.versioned(path="/public", file: Asset) \ No newline at end of file +GET /assets/*file controllers.Assets.at(file) +GET /versionedAssets/*file controllers.Assets.versioned(file) \ No newline at end of file diff --git a/samples/server/petstore/java-play-framework-no-swagger-ui/project/build.properties b/samples/server/petstore/java-play-framework-no-swagger-ui/project/build.properties index 59e7c05b62f..cf19fd026fd 100644 --- a/samples/server/petstore/java-play-framework-no-swagger-ui/project/build.properties +++ b/samples/server/petstore/java-play-framework-no-swagger-ui/project/build.properties @@ -1 +1 @@ -sbt.version=0.13.11 \ No newline at end of file +sbt.version=0.13.15 \ No newline at end of file diff --git a/samples/server/petstore/java-play-framework-no-swagger-ui/project/plugins.sbt b/samples/server/petstore/java-play-framework-no-swagger-ui/project/plugins.sbt index ea1f1061fbc..66fbf368ae6 100644 --- a/samples/server/petstore/java-play-framework-no-swagger-ui/project/plugins.sbt +++ b/samples/server/petstore/java-play-framework-no-swagger-ui/project/plugins.sbt @@ -1,2 +1,2 @@ // The Play plugin -addSbtPlugin("com.typesafe.play" % "sbt-plugin" % "2.5.13") +addSbtPlugin("com.typesafe.play" % "sbt-plugin" % "2.6.3") diff --git a/samples/server/petstore/java-play-framework-no-wrap-calls/build.sbt b/samples/server/petstore/java-play-framework-no-wrap-calls/build.sbt index 27d03e3eef0..e425cf8cfe6 100644 --- a/samples/server/petstore/java-play-framework-no-wrap-calls/build.sbt +++ b/samples/server/petstore/java-play-framework-no-wrap-calls/build.sbt @@ -4,7 +4,8 @@ version := "1.0-SNAPSHOT" lazy val root = (project in file(".")).enablePlugins(PlayJava) -scalaVersion := "2.11.7" +scalaVersion := "2.12.2" -libraryDependencies += "org.webjars" % "swagger-ui" % "2.2.10-1" +libraryDependencies += "org.webjars" % "swagger-ui" % "3.1.5" libraryDependencies += "javax.validation" % "validation-api" % "1.1.0.Final" +libraryDependencies += guice diff --git a/samples/server/petstore/java-play-framework-no-wrap-calls/conf/application.conf b/samples/server/petstore/java-play-framework-no-wrap-calls/conf/application.conf index dd23556671a..a361b74d38e 100644 --- a/samples/server/petstore/java-play-framework-no-wrap-calls/conf/application.conf +++ b/samples/server/petstore/java-play-framework-no-wrap-calls/conf/application.conf @@ -15,6 +15,8 @@ # HOCON will fall back to substituting environment variable: #mykey = ${JAVA_HOME} +play.filters.headers.contentSecurityPolicy=null + play.http.errorHandler="swagger.ErrorHandler" ## Akka @@ -42,7 +44,7 @@ akka { # ~~~~~ # The secret key is used to sign Play's session cookie. # This must be changed for production, but we don't recommend you change it in this file. -play.crypto.secret = "changeme" +play.http.secret.key = "changeme" ## Modules # https://www.playframework.com/documentation/latest/Modules @@ -61,6 +63,11 @@ play.modules { # If there are any built-in modules that you want to disable, you can list them here. } +play.assets { +path = "/public" +urlPrefix = "/assets" +} + ## IDE # https://www.playframework.com/documentation/latest/IDE # ~~~~~ @@ -260,7 +267,8 @@ csrf { # ~~~~~ # Defines security headers that prevent XSS attacks. # If enabled, then all options are set to the below configuration by default: -headers { +play.filters.headers { + # The X-Frame-Options header. If null, the header is not set. #frameOptions = "DENY" @@ -274,7 +282,13 @@ headers { #permittedCrossDomainPolicies = "master-only" # The Content-Security-Policy header. If null, the header is not set. -#contentSecurityPolicy = "default-src 'self'" +contentSecurityPolicy = "default-src 'self'" + +# The Referrer-Policy header. If null, the header is not set. +#referrerPolicy = "origin-when-cross-origin, strict-origin-when-cross-origin" + +# If true, allow an action to use .withHeaders to replace one or more of the above headers +#allowActionSpecificHeaders = false } ## Allowed hosts filter configuration diff --git a/samples/server/petstore/java-play-framework-no-wrap-calls/conf/routes b/samples/server/petstore/java-play-framework-no-wrap-calls/conf/routes index 48682c4ba2e..775497a59fc 100644 --- a/samples/server/petstore/java-play-framework-no-wrap-calls/conf/routes +++ b/samples/server/petstore/java-play-framework-no-wrap-calls/conf/routes @@ -32,4 +32,5 @@ GET /v2/user/logout controllers.UserApiController.logout PUT /v2/user/:username controllers.UserApiController.updateUser(username: String) # Map static resources from the /public folder to the /assets URL path -GET /assets/*file controllers.Assets.versioned(path="/public", file: Asset) \ No newline at end of file +GET /assets/*file controllers.Assets.at(file) +GET /versionedAssets/*file controllers.Assets.versioned(file) \ No newline at end of file diff --git a/samples/server/petstore/java-play-framework-no-wrap-calls/project/build.properties b/samples/server/petstore/java-play-framework-no-wrap-calls/project/build.properties index 59e7c05b62f..cf19fd026fd 100644 --- a/samples/server/petstore/java-play-framework-no-wrap-calls/project/build.properties +++ b/samples/server/petstore/java-play-framework-no-wrap-calls/project/build.properties @@ -1 +1 @@ -sbt.version=0.13.11 \ No newline at end of file +sbt.version=0.13.15 \ No newline at end of file diff --git a/samples/server/petstore/java-play-framework-no-wrap-calls/project/plugins.sbt b/samples/server/petstore/java-play-framework-no-wrap-calls/project/plugins.sbt index ea1f1061fbc..66fbf368ae6 100644 --- a/samples/server/petstore/java-play-framework-no-wrap-calls/project/plugins.sbt +++ b/samples/server/petstore/java-play-framework-no-wrap-calls/project/plugins.sbt @@ -1,2 +1,2 @@ // The Play plugin -addSbtPlugin("com.typesafe.play" % "sbt-plugin" % "2.5.13") +addSbtPlugin("com.typesafe.play" % "sbt-plugin" % "2.6.3") diff --git a/samples/server/petstore/java-play-framework/build.sbt b/samples/server/petstore/java-play-framework/build.sbt index 27d03e3eef0..e425cf8cfe6 100644 --- a/samples/server/petstore/java-play-framework/build.sbt +++ b/samples/server/petstore/java-play-framework/build.sbt @@ -4,7 +4,8 @@ version := "1.0-SNAPSHOT" lazy val root = (project in file(".")).enablePlugins(PlayJava) -scalaVersion := "2.11.7" +scalaVersion := "2.12.2" -libraryDependencies += "org.webjars" % "swagger-ui" % "2.2.10-1" +libraryDependencies += "org.webjars" % "swagger-ui" % "3.1.5" libraryDependencies += "javax.validation" % "validation-api" % "1.1.0.Final" +libraryDependencies += guice diff --git a/samples/server/petstore/java-play-framework/conf/application.conf b/samples/server/petstore/java-play-framework/conf/application.conf index dd23556671a..a361b74d38e 100644 --- a/samples/server/petstore/java-play-framework/conf/application.conf +++ b/samples/server/petstore/java-play-framework/conf/application.conf @@ -15,6 +15,8 @@ # HOCON will fall back to substituting environment variable: #mykey = ${JAVA_HOME} +play.filters.headers.contentSecurityPolicy=null + play.http.errorHandler="swagger.ErrorHandler" ## Akka @@ -42,7 +44,7 @@ akka { # ~~~~~ # The secret key is used to sign Play's session cookie. # This must be changed for production, but we don't recommend you change it in this file. -play.crypto.secret = "changeme" +play.http.secret.key = "changeme" ## Modules # https://www.playframework.com/documentation/latest/Modules @@ -61,6 +63,11 @@ play.modules { # If there are any built-in modules that you want to disable, you can list them here. } +play.assets { +path = "/public" +urlPrefix = "/assets" +} + ## IDE # https://www.playframework.com/documentation/latest/IDE # ~~~~~ @@ -260,7 +267,8 @@ csrf { # ~~~~~ # Defines security headers that prevent XSS attacks. # If enabled, then all options are set to the below configuration by default: -headers { +play.filters.headers { + # The X-Frame-Options header. If null, the header is not set. #frameOptions = "DENY" @@ -274,7 +282,13 @@ headers { #permittedCrossDomainPolicies = "master-only" # The Content-Security-Policy header. If null, the header is not set. -#contentSecurityPolicy = "default-src 'self'" +contentSecurityPolicy = "default-src 'self'" + +# The Referrer-Policy header. If null, the header is not set. +#referrerPolicy = "origin-when-cross-origin, strict-origin-when-cross-origin" + +# If true, allow an action to use .withHeaders to replace one or more of the above headers +#allowActionSpecificHeaders = false } ## Allowed hosts filter configuration diff --git a/samples/server/petstore/java-play-framework/conf/routes b/samples/server/petstore/java-play-framework/conf/routes index 48682c4ba2e..775497a59fc 100644 --- a/samples/server/petstore/java-play-framework/conf/routes +++ b/samples/server/petstore/java-play-framework/conf/routes @@ -32,4 +32,5 @@ GET /v2/user/logout controllers.UserApiController.logout PUT /v2/user/:username controllers.UserApiController.updateUser(username: String) # Map static resources from the /public folder to the /assets URL path -GET /assets/*file controllers.Assets.versioned(path="/public", file: Asset) \ No newline at end of file +GET /assets/*file controllers.Assets.at(file) +GET /versionedAssets/*file controllers.Assets.versioned(file) \ No newline at end of file diff --git a/samples/server/petstore/java-play-framework/project/build.properties b/samples/server/petstore/java-play-framework/project/build.properties index 59e7c05b62f..cf19fd026fd 100644 --- a/samples/server/petstore/java-play-framework/project/build.properties +++ b/samples/server/petstore/java-play-framework/project/build.properties @@ -1 +1 @@ -sbt.version=0.13.11 \ No newline at end of file +sbt.version=0.13.15 \ No newline at end of file diff --git a/samples/server/petstore/java-play-framework/project/plugins.sbt b/samples/server/petstore/java-play-framework/project/plugins.sbt index ea1f1061fbc..66fbf368ae6 100644 --- a/samples/server/petstore/java-play-framework/project/plugins.sbt +++ b/samples/server/petstore/java-play-framework/project/plugins.sbt @@ -1,2 +1,2 @@ // The Play plugin -addSbtPlugin("com.typesafe.play" % "sbt-plugin" % "2.5.13") +addSbtPlugin("com.typesafe.play" % "sbt-plugin" % "2.6.3")