public final class XFrameOptionsHeaderWriter extends java.lang.Object implements HeaderWriter
HeaderWriter
implementation for the X-Frame-Options headers. When using the
ALLOW-FROM directive the actual value is determined by a AllowFromStrategy
.AllowFromStrategy
Modifier and Type | Class and Description |
---|---|
static class |
XFrameOptionsHeaderWriter.XFrameOptionsMode
The possible values for the X-Frame-Options header.
|
Modifier and Type | Field and Description |
---|---|
static java.lang.String |
XFRAME_OPTIONS_HEADER |
Constructor and Description |
---|
XFrameOptionsHeaderWriter()
Creates an instance with
XFrameOptionsHeaderWriter.XFrameOptionsMode.DENY |
XFrameOptionsHeaderWriter(AllowFromStrategy allowFromStrategy)
Deprecated.
ALLOW-FROM is an obsolete directive that no longer works in modern
browsers. Instead use Content-Security-Policy with the frame-ancestors
directive.
|
XFrameOptionsHeaderWriter(XFrameOptionsHeaderWriter.XFrameOptionsMode frameOptionsMode)
Creates a new instance
|
Modifier and Type | Method and Description |
---|---|
void |
writeHeaders(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Writes the X-Frame-Options header value, overwritting any previous value.
|
public static final java.lang.String XFRAME_OPTIONS_HEADER
public XFrameOptionsHeaderWriter()
XFrameOptionsHeaderWriter.XFrameOptionsMode.DENY
public XFrameOptionsHeaderWriter(XFrameOptionsHeaderWriter.XFrameOptionsMode frameOptionsMode)
frameOptionsMode
- the XFrameOptionsHeaderWriter.XFrameOptionsMode
to use. If using
XFrameOptionsHeaderWriter.XFrameOptionsMode.ALLOW_FROM
, use
XFrameOptionsHeaderWriter(AllowFromStrategy)
instead.@Deprecated public XFrameOptionsHeaderWriter(AllowFromStrategy allowFromStrategy)
XFrameOptionsHeaderWriter.XFrameOptionsMode.ALLOW_FROM
.allowFromStrategy
- the strategy for determining what the value for ALLOW_FROM
is.public void writeHeaders(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
writeHeaders
in interface HeaderWriter
request
- the servlet requestresponse
- the servlet response