Class XFrameOptionsHeaderWriter
- java.lang.Object
-
- org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter
-
- All Implemented Interfaces:
HeaderWriter
public final class XFrameOptionsHeaderWriter extends java.lang.Object implements HeaderWriter
HeaderWriterimplementation for the X-Frame-Options headers. When using the ALLOW-FROM directive the actual value is determined by aAllowFromStrategy.- Since:
- 3.2
- See Also:
AllowFromStrategy
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static classXFrameOptionsHeaderWriter.XFrameOptionsModeThe possible values for the X-Frame-Options header.
-
Field Summary
Fields Modifier and Type Field Description static java.lang.StringXFRAME_OPTIONS_HEADER
-
Constructor Summary
Constructors Constructor Description XFrameOptionsHeaderWriter()Creates an instance withXFrameOptionsHeaderWriter.XFrameOptionsMode.DENYXFrameOptionsHeaderWriter(AllowFromStrategy allowFromStrategy)Deprecated.ALLOW-FROM is an obsolete directive that no longer works in modern browsers.XFrameOptionsHeaderWriter(XFrameOptionsHeaderWriter.XFrameOptionsMode frameOptionsMode)Creates a new instance
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description voidwriteHeaders(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)Writes the X-Frame-Options header value, overwritting any previous value.
-
-
-
Field Detail
-
XFRAME_OPTIONS_HEADER
public static final java.lang.String XFRAME_OPTIONS_HEADER
- See Also:
- Constant Field Values
-
-
Constructor Detail
-
XFrameOptionsHeaderWriter
public XFrameOptionsHeaderWriter()
Creates an instance withXFrameOptionsHeaderWriter.XFrameOptionsMode.DENY
-
XFrameOptionsHeaderWriter
public XFrameOptionsHeaderWriter(XFrameOptionsHeaderWriter.XFrameOptionsMode frameOptionsMode)
Creates a new instance- Parameters:
frameOptionsMode- theXFrameOptionsHeaderWriter.XFrameOptionsModeto use. If usingXFrameOptionsHeaderWriter.XFrameOptionsMode.ALLOW_FROM, useXFrameOptionsHeaderWriter(AllowFromStrategy)instead.
-
XFrameOptionsHeaderWriter
@Deprecated public XFrameOptionsHeaderWriter(AllowFromStrategy allowFromStrategy)
Deprecated.ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.Creates a new instance withXFrameOptionsHeaderWriter.XFrameOptionsMode.ALLOW_FROM.- Parameters:
allowFromStrategy- the strategy for determining what the value for ALLOW_FROM is.
-
-
Method Detail
-
writeHeaders
public void writeHeaders(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)Writes the X-Frame-Options header value, overwritting any previous value.- Specified by:
writeHeadersin interfaceHeaderWriter- Parameters:
request- the servlet requestresponse- the servlet response
-
-