Package org.springframework.security.web.server.header

Class XXssProtectionServerHttpHeadersWriter

java.lang.Object

org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter

All Implemented Interfaces:

ServerHttpHeadersWriter

public class XXssProtectionServerHttpHeadersWriter
extends Object
implements ServerHttpHeadersWriter

Add the x-xss-protection header.

Since:

5.0

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static enum	XXssProtectionServerHttpHeadersWriter.HeaderValue	The value of the x-xss-protection header.

Field Summary

Fields

Modifier and Type	Field	Description
static final String	X_XSS_PROTECTION

Constructor Summary

Constructors

Constructor	Description
XXssProtectionServerHttpHeadersWriter()	Creates a new instance

Method Summary

Modifier and Type	Method	Description
void	setHeaderValue(XXssProtectionServerHttpHeadersWriter.HeaderValue headerValue)	Sets the value of the X-XSS-PROTECTION header.
reactor.core.publisher.Mono<Void>	writeHttpHeaders(org.springframework.web.server.ServerWebExchange exchange)	Write the headers to the response.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

X_XSS_PROTECTION

public static final String X_XSS_PROTECTION

See Also:

• Constant Field Values

Constructor Details

XXssProtectionServerHttpHeadersWriter

public XXssProtectionServerHttpHeadersWriter()

Creates a new instance

Method Details

writeHttpHeaders

public reactor.core.publisher.Mono<Void> writeHttpHeaders(org.springframework.web.server.ServerWebExchange exchange)

Description copied from interface: ServerHttpHeadersWriter

Write the headers to the response.

Specified by:

writeHttpHeaders in interface ServerHttpHeadersWriter

Returns:

A Mono which is returned to the Supplier of the ReactiveHttpOutputMessage.beforeCommit(Supplier).

setHeaderValue

public void setHeaderValue(XXssProtectionServerHttpHeadersWriter.HeaderValue headerValue)

Sets the value of the X-XSS-PROTECTION header. Defaults to XXssProtectionServerHttpHeadersWriter.HeaderValue.DISABLED

If XXssProtectionServerHttpHeadersWriter.HeaderValue.DISABLED, will specify that X-XSS-Protection is disabled. For example:

 X-XSS-Protection: 0
 

If XXssProtectionServerHttpHeadersWriter.HeaderValue.ENABLED, will contain a value of 1, but will not specify the mode as blocked. In this instance, any content will be attempted to be fixed. For example:

 X-XSS-Protection: 1
 

If XXssProtectionServerHttpHeadersWriter.HeaderValue.ENABLED_MODE_BLOCK, will contain a value of 1 and will specify mode as blocked. The content will be replaced with "#". For example:

 X-XSS-Protection: 1; mode=block
 

Parameters:

headerValue - the new headerValue

Throws:

IllegalArgumentException - if headerValue is null

Since:

5.8