spring-security-config/org.springframework.security.config.annotation.web/HeadersDsl

HeadersDsl

class HeadersDsl

A Kotlin DSL to configure HttpSecurity headers using idiomatic Kotlin code.

Author

Eleftheria Stein

Since

5.3

Constructors

HeadersDsl

constructor()

Properties

defaultsDisabled

var defaultsDisabled: Boolean?

whether all of the default headers should be included in the response

Functions

addHeaderWriter

fun addHeaderWriter(headerWriter: HeaderWriter)

Adds a HeaderWriter instance.

cacheControl

fun cacheControl(cacheControlConfig: CacheControlDsl.() -> Unit)

Allows customizing the CacheControlHeadersWriter. Specifically it adds the following headers:

contentSecurityPolicy

fun contentSecurityPolicy(contentSecurityPolicyConfig: ContentSecurityPolicyDsl.() -> Unit)

Allows configuration for Content Security Policy (CSP) Level 2.

contentTypeOptions

fun contentTypeOptions(contentTypeOptionsConfig: ContentTypeOptionsDsl.() -> Unit)

Configures the XContentTypeOptionsHeaderWriter which inserts the

crossOriginEmbedderPolicy

fun crossOriginEmbedderPolicy(crossOriginEmbedderPolicyConfig: CrossOriginEmbedderPolicyDsl.() -> Unit)

Allows configuration for Cross-Origin-Embedder-Policy header.

crossOriginOpenerPolicy

fun crossOriginOpenerPolicy(crossOriginOpenerPolicyConfig: CrossOriginOpenerPolicyDsl.() -> Unit)

Allows configuration for Cross-Origin-Opener-Policy header.

crossOriginResourcePolicy

fun crossOriginResourcePolicy(crossOriginResourcePolicyConfig: CrossOriginResourcePolicyDsl.() -> Unit)

Configures the Cross-Origin-Resource-Policy header.

disable

fun disable()

Disable all HTTP security headers.

featurePolicy

fun ~~featurePolicy~~(policyDirectives: String)

Allows configuration for Feature Policy.

frameOptions

fun frameOptions(frameOptionsConfig: FrameOptionsDsl.() -> Unit)

Allows customizing the XFrameOptionsHeaderWriter which add the X-Frame-Options header.

httpPublicKeyPinning

fun ~~httpPublicKeyPinning~~(hpkpConfig: HttpPublicKeyPinningDsl.() -> Unit)

Allows customizing the HpkpHeaderWriter which provides support for HTTP Public Key Pinning (HPKP).

httpStrictTransportSecurity

fun httpStrictTransportSecurity(hstsConfig: HttpStrictTransportSecurityDsl.() -> Unit)

Allows customizing the HstsHeaderWriter which provides support for HTTP Strict Transport Security (HSTS).

permissionsPolicy

fun permissionsPolicy(permissionsPolicyConfig: PermissionsPolicyDsl.() -> Unit)

Allows configuration for Permissions Policy.

referrerPolicy

fun referrerPolicy(referrerPolicyConfig: ReferrerPolicyDsl.() -> Unit)

Allows configuration for Referrer Policy.

xssProtection

fun xssProtection(xssProtectionConfig: XssProtectionConfigDsl.() -> Unit)

Note this is not comprehensive XSS protection!