Package org.springframework.security.config.web.server

Class ServerHttpSecurity.HeaderSpec

java.lang.Object

org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Enclosing class:

ServerHttpSecurity

public final class ServerHttpSecurity.HeaderSpec
extends Object

Configures HTTP Response Headers.

Since:

5.0

See Also:

• ServerHttpSecurity.headers(Customizer)

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
final class	ServerHttpSecurity.HeaderSpec.CacheSpec	Configures cache control headers
final class	ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec	Configures Content-Security-Policy response header.
final class	ServerHttpSecurity.HeaderSpec.ContentTypeOptionsSpec	The content type headers
final class	ServerHttpSecurity.HeaderSpec.CrossOriginEmbedderPolicySpec	Configures the Cross-Origin-Embedder-Policy header
final class	ServerHttpSecurity.HeaderSpec.CrossOriginOpenerPolicySpec	Configures the Cross-Origin-Opener-Policy header
final class	ServerHttpSecurity.HeaderSpec.CrossOriginResourcePolicySpec	Configures the Cross-Origin-Resource-Policy header
final class	ServerHttpSecurity.HeaderSpec.FeaturePolicySpec	Configures Feature-Policy response header.
final class	ServerHttpSecurity.HeaderSpec.FrameOptionsSpec	Configures frame options response header
final class	ServerHttpSecurity.HeaderSpec.HstsSpec	Configures Strict Transport Security response header
final class	ServerHttpSecurity.HeaderSpec.PermissionsPolicySpec	Configures Permissions-Policy response header.
final class	ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec	Configures Referrer-Policy response header.
final class	ServerHttpSecurity.HeaderSpec.XssProtectionSpec	Configures x-xss-protection response header

Method Summary

Modifier and Type	Method	Description
ServerHttpSecurity.HeaderSpec	cache(Customizer<ServerHttpSecurity.HeaderSpec.CacheSpec> cacheCustomizer)	Configures cache control headers
protected void	configure(ServerHttpSecurity http)
ServerHttpSecurity.HeaderSpec	contentSecurityPolicy(Customizer<ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec> contentSecurityPolicyCustomizer)	Configures Content-Security-Policy response header.
ServerHttpSecurity.HeaderSpec	contentTypeOptions(Customizer<ServerHttpSecurity.HeaderSpec.ContentTypeOptionsSpec> contentTypeOptionsCustomizer)	Configures content type response headers
ServerHttpSecurity.HeaderSpec	crossOriginEmbedderPolicy(Customizer<ServerHttpSecurity.HeaderSpec.CrossOriginEmbedderPolicySpec> crossOriginEmbedderPolicyCustomizer)	Configures the Cross-Origin-Embedder-Policy header.
ServerHttpSecurity.HeaderSpec	crossOriginOpenerPolicy(Customizer<ServerHttpSecurity.HeaderSpec.CrossOriginOpenerPolicySpec> crossOriginOpenerPolicyCustomizer)	Configures the Cross-Origin-Opener-Policy header.
ServerHttpSecurity.HeaderSpec	crossOriginResourcePolicy(Customizer<ServerHttpSecurity.HeaderSpec.CrossOriginResourcePolicySpec> crossOriginResourcePolicyCustomizer)	Configures the Cross-Origin-Resource-Policy header.
ServerHttpSecurity	disable()	Disables http response headers
ServerHttpSecurity.HeaderSpec.FeaturePolicySpec	featurePolicy(String policyDirectives)	Deprecated. For removal in 7.0.
ServerHttpSecurity.HeaderSpec	frameOptions(Customizer<ServerHttpSecurity.HeaderSpec.FrameOptionsSpec> frameOptionsCustomizer)	Configures frame options response headers
ServerHttpSecurity.HeaderSpec	hsts(Customizer<ServerHttpSecurity.HeaderSpec.HstsSpec> hstsCustomizer)	Configures the Strict Transport Security response headers
ServerHttpSecurity.HeaderSpec	permissionsPolicy(Customizer<ServerHttpSecurity.HeaderSpec.PermissionsPolicySpec> permissionsPolicyCustomizer)	Configures Permissions-Policy response header.
ServerHttpSecurity.HeaderSpec	referrerPolicy(Customizer<ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec> referrerPolicyCustomizer)	Configures Referrer-Policy response header.
ServerHttpSecurity.HeaderSpec	writer(ServerHttpHeadersWriter serverHttpHeadersWriter)	Configures custom headers writer
ServerHttpSecurity.HeaderSpec	xssProtection(Customizer<ServerHttpSecurity.HeaderSpec.XssProtectionSpec> xssProtectionCustomizer)	Configures x-xss-protection response header.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

disable

public ServerHttpSecurity disable()

Disables http response headers

Returns:

the ServerHttpSecurity to continue configuring

cache

public ServerHttpSecurity.HeaderSpec cache(Customizer<ServerHttpSecurity.HeaderSpec.CacheSpec> cacheCustomizer)

Configures cache control headers

Parameters:

cacheCustomizer - the Customizer to provide more options for the ServerHttpSecurity.HeaderSpec.CacheSpec

Returns:

the ServerHttpSecurity.HeaderSpec to customize

contentTypeOptions

public ServerHttpSecurity.HeaderSpec contentTypeOptions(Customizer<ServerHttpSecurity.HeaderSpec.ContentTypeOptionsSpec> contentTypeOptionsCustomizer)

Configures content type response headers

Parameters:

contentTypeOptionsCustomizer - the Customizer to provide more options for the ServerHttpSecurity.HeaderSpec.ContentTypeOptionsSpec

Returns:

the ServerHttpSecurity.HeaderSpec to customize

frameOptions

public ServerHttpSecurity.HeaderSpec frameOptions(Customizer<ServerHttpSecurity.HeaderSpec.FrameOptionsSpec> frameOptionsCustomizer)

Configures frame options response headers

Parameters:

frameOptionsCustomizer - the Customizer to provide more options for the ServerHttpSecurity.HeaderSpec.FrameOptionsSpec

Returns:

the ServerHttpSecurity.HeaderSpec to customize

writer

public ServerHttpSecurity.HeaderSpec writer(ServerHttpHeadersWriter serverHttpHeadersWriter)

Configures custom headers writer

Parameters:

serverHttpHeadersWriter - the ServerHttpHeadersWriter to provide custom headers writer

Returns:

the ServerHttpSecurity.HeaderSpec to customize

Since:

5.3.0

hsts

public ServerHttpSecurity.HeaderSpec hsts(Customizer<ServerHttpSecurity.HeaderSpec.HstsSpec> hstsCustomizer)

Configures the Strict Transport Security response headers

Parameters:

hstsCustomizer - the Customizer to provide more options for the ServerHttpSecurity.HeaderSpec.HstsSpec

Returns:

the ServerHttpSecurity.HeaderSpec to customize

configure

protected void configure(ServerHttpSecurity http)

xssProtection

public ServerHttpSecurity.HeaderSpec xssProtection(Customizer<ServerHttpSecurity.HeaderSpec.XssProtectionSpec> xssProtectionCustomizer)

Configures x-xss-protection response header.

Parameters:

xssProtectionCustomizer - the Customizer to provide more options for the ServerHttpSecurity.HeaderSpec.XssProtectionSpec

Returns:

the ServerHttpSecurity.HeaderSpec to customize

contentSecurityPolicy

public ServerHttpSecurity.HeaderSpec contentSecurityPolicy(Customizer<ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec> contentSecurityPolicyCustomizer)

Configures Content-Security-Policy response header.

Parameters:

contentSecurityPolicyCustomizer - the Customizer to provide more options for the ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec

Returns:

the ServerHttpSecurity.HeaderSpec to customize

featurePolicy

@Deprecated
public ServerHttpSecurity.HeaderSpec.FeaturePolicySpec featurePolicy(String policyDirectives)

Deprecated.

For removal in 7.0. Use permissionsPolicy(Customizer) instead.

Configures Feature-Policy response header.

Parameters:

policyDirectives - the policy

Returns:

the ServerHttpSecurity.HeaderSpec.FeaturePolicySpec to configure

permissionsPolicy

public ServerHttpSecurity.HeaderSpec permissionsPolicy(Customizer<ServerHttpSecurity.HeaderSpec.PermissionsPolicySpec> permissionsPolicyCustomizer)

Configures Permissions-Policy response header.

Parameters:

permissionsPolicyCustomizer - the Customizer to provide more options for the ServerHttpSecurity.HeaderSpec.PermissionsPolicySpec

Returns:

the ServerHttpSecurity.HeaderSpec to customize

referrerPolicy

public ServerHttpSecurity.HeaderSpec referrerPolicy(Customizer<ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec> referrerPolicyCustomizer)

Configures Referrer-Policy response header.

Parameters:

referrerPolicyCustomizer - the Customizer to provide more options for the ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec

Returns:

the ServerHttpSecurity.HeaderSpec to customize

crossOriginOpenerPolicy

public ServerHttpSecurity.HeaderSpec crossOriginOpenerPolicy(Customizer<ServerHttpSecurity.HeaderSpec.CrossOriginOpenerPolicySpec> crossOriginOpenerPolicyCustomizer)

Configures the Cross-Origin-Opener-Policy header.

Returns:

the ServerHttpSecurity.HeaderSpec to customize

Since:

5.7

See Also:

• CrossOriginOpenerPolicyServerHttpHeadersWriter

crossOriginEmbedderPolicy

public ServerHttpSecurity.HeaderSpec crossOriginEmbedderPolicy(Customizer<ServerHttpSecurity.HeaderSpec.CrossOriginEmbedderPolicySpec> crossOriginEmbedderPolicyCustomizer)

Configures the Cross-Origin-Embedder-Policy header.

Returns:

the ServerHttpSecurity.HeaderSpec to customize

Since:

5.7

See Also:

• CrossOriginEmbedderPolicyServerHttpHeadersWriter

crossOriginResourcePolicy

public ServerHttpSecurity.HeaderSpec crossOriginResourcePolicy(Customizer<ServerHttpSecurity.HeaderSpec.CrossOriginResourcePolicySpec> crossOriginResourcePolicyCustomizer)

Configures the Cross-Origin-Resource-Policy header.

Returns:

the ServerHttpSecurity.HeaderSpec to customize

Since:

5.7

See Also:

• CrossOriginResourcePolicyServerHttpHeadersWriter