Class AbstractRequestParameterAllowFromStrategy

  • All Implemented Interfaces:
    AllowFromStrategy
    Direct Known Subclasses:
    RegExpAllowFromStrategy, WhiteListedAllowFromStrategy

    @Deprecated
    public abstract class AbstractRequestParameterAllowFromStrategy
    extends java.lang.Object
    implements AllowFromStrategy
    Deprecated.
    ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
    Base class for AllowFromStrategy implementations which use a request parameter to retrieve the origin. By default the parameter named x-frames-allow-from is read from the request.
    Since:
    3.2
    • Field Summary

      Fields 
      Modifier and Type Field Description
      protected org.apache.commons.logging.Log log
      Deprecated.
      Logger for use by subclasses
    • Method Summary

      Modifier and Type Method Description
      protected abstract boolean allowed(java.lang.String allowFromOrigin)
      Deprecated.
      Method to be implemented by subclasses, used to determine if the supplied origin is allowed.
      java.lang.String getAllowFromValue(javax.servlet.http.HttpServletRequest request)
      Deprecated.
      Gets the value for ALLOW-FROM, excluding the ALLOW-FROM keyword itself.
      void setAllowFromParameterName(java.lang.String allowFromParameterName)
      Deprecated.
      Sets the HTTP parameter used to retrieve the origin from which framing is allowed.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • log

        protected final org.apache.commons.logging.Log log
        Deprecated.
        Logger for use by subclasses
    • Method Detail

      • getAllowFromValue

        public java.lang.String getAllowFromValue(javax.servlet.http.HttpServletRequest request)
        Deprecated.
        Description copied from interface: AllowFromStrategy
        Gets the value for ALLOW-FROM, excluding the ALLOW-FROM keyword itself. For example, the result might be "https://example.com/".
        Specified by:
        getAllowFromValue in interface AllowFromStrategy
        Parameters:
        request - the HttpServletRequest
        Returns:
        the value for ALLOW-FROM or null if no header should be added for this request.
      • setAllowFromParameterName

        public void setAllowFromParameterName(java.lang.String allowFromParameterName)
        Deprecated.
        Sets the HTTP parameter used to retrieve the origin from which framing is allowed. The value of the parameter should be a valid URL. The default parameter name is "x-frames-allow-from".
        Parameters:
        allowFromParameterName - the name of the HTTP parameter to
      • allowed

        protected abstract boolean allowed(java.lang.String allowFromOrigin)
        Deprecated.
        Method to be implemented by subclasses, used to determine if the supplied origin is allowed.
        Parameters:
        allowFromOrigin - the supplied origin
        Returns:
        true if the supplied origin is allowed.
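
The deprecation note above points to Content-Security-Policy with the frame-ancestors directive. The following is an added example, not Spring Security code: it keeps this class's per-request pattern (read an origin from the x-frames-allow-from parameter, check it, emit a header value) but produces a frame-ancestors policy. The class FrameAncestorsPolicy, its methods and the sample origins are hypothetical.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

// Hypothetical helper, not part of Spring Security: selects a
// Content-Security-Policy frame-ancestors value from a request parameter.
public class FrameAncestorsPolicy {
    private final Set<String> allowedOrigins; // entries like "https://partner.example"

    public FrameAncestorsPolicy(Set<String> allowedOrigins) {
        this.allowedOrigins = Set.copyOf(allowedOrigins);
    }

    // Reduces an untrusted value to scheme://host[:port]; returns null unless
    // it is a plain http(s) origin. Userinfo is rejected so that
    // "https://partner.example@other.test" cannot pass as the partner.
    static String toOrigin(String raw) {
        if (raw == null || raw.isBlank()) return null;
        try {
            URI u = new URI(raw.trim());
            String scheme = u.getScheme(), host = u.getHost();
            if (scheme == null || host == null || u.getUserInfo() != null) return null;
            scheme = scheme.toLowerCase(Locale.ROOT);
            if (!scheme.equals("https") && !scheme.equals("http")) return null;
            String port = u.getPort() == -1 ? "" : ":" + u.getPort();
            return scheme + "://" + host.toLowerCase(Locale.ROOT) + port;
        } catch (URISyntaxException e) {
            return null; // CR/LF, spaces and other illegal characters end up here
        }
    }

    // Exact-match allowlist. The header is built from the normalized origin,
    // never from the raw parameter; anything else gets the deny-all policy.
    public String headerValue(String requestedOrigin) {
        String origin = toOrigin(requestedOrigin);
        return origin != null && allowedOrigins.contains(origin)
                ? "frame-ancestors " + origin
                : "frame-ancestors 'none'";
    }

    public static void main(String[] args) {
        FrameAncestorsPolicy p = new FrameAncestorsPolicy(Set.of("https://partner.example"));
        // Constructed sample values for the x-frames-allow-from parameter.
        String[] samples = {"https://partner.example/", "https://partner.example.other.test",
                "https://partner.example@other.test/", "https://partner.example\r\nX-Injected: 1", null};
        for (String v : samples) System.out.println("Content-Security-Policy: " + p.headerValue(v));
    }
}
```

In a servlet filter the returned string would be passed to response.setHeader("Content-Security-Policy", ...) before the response is committed.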