Class ServerHttpSecurity.HeaderSpec
- java.lang.Object
-
- org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
-
- Enclosing class:
- ServerHttpSecurity
public final class ServerHttpSecurity.HeaderSpec extends java.lang.Object
Configures HTTP Response Headers.- Since:
- 5.0
- See Also:
ServerHttpSecurity.headers()
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description class
ServerHttpSecurity.HeaderSpec.CacheSpec
Configures cache control headersclass
ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec
ConfiguresContent-Security-Policy
response header.class
ServerHttpSecurity.HeaderSpec.ContentTypeOptionsSpec
The content type headersclass
ServerHttpSecurity.HeaderSpec.FeaturePolicySpec
ConfiguresFeature-Policy
response header.class
ServerHttpSecurity.HeaderSpec.FrameOptionsSpec
Configures frame options response headerclass
ServerHttpSecurity.HeaderSpec.HstsSpec
Configures Strict Transport Security response headerclass
ServerHttpSecurity.HeaderSpec.PermissionsPolicySpec
ConfiguresPermissions-Policy
response header.class
ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec
ConfiguresReferrer-Policy
response header.class
ServerHttpSecurity.HeaderSpec.XssProtectionSpec
Configures x-xss-protection response header
-
Method Summary
-
-
-
Method Detail
-
and
public ServerHttpSecurity and()
Allows method chaining to continue configuring theServerHttpSecurity
- Returns:
- the
ServerHttpSecurity
to continue configuring
-
disable
public ServerHttpSecurity disable()
Disables http response headers- Returns:
- the
ServerHttpSecurity
to continue configuring
-
cache
public ServerHttpSecurity.HeaderSpec.CacheSpec cache()
Configures cache control headers- Returns:
- the
ServerHttpSecurity.HeaderSpec.CacheSpec
to configure
-
cache
public ServerHttpSecurity.HeaderSpec cache(Customizer<ServerHttpSecurity.HeaderSpec.CacheSpec> cacheCustomizer)
Configures cache control headers- Parameters:
cacheCustomizer
- theCustomizer
to provide more options for theServerHttpSecurity.HeaderSpec.CacheSpec
- Returns:
- the
ServerHttpSecurity.HeaderSpec
to customize
-
contentTypeOptions
public ServerHttpSecurity.HeaderSpec.ContentTypeOptionsSpec contentTypeOptions()
Configures content type response headers- Returns:
- the
ServerHttpSecurity.HeaderSpec.ContentTypeOptionsSpec
to configure
-
contentTypeOptions
public ServerHttpSecurity.HeaderSpec contentTypeOptions(Customizer<ServerHttpSecurity.HeaderSpec.ContentTypeOptionsSpec> contentTypeOptionsCustomizer)
Configures content type response headers- Parameters:
contentTypeOptionsCustomizer
- theCustomizer
to provide more options for theServerHttpSecurity.HeaderSpec.ContentTypeOptionsSpec
- Returns:
- the
ServerHttpSecurity.HeaderSpec
to customize
-
frameOptions
public ServerHttpSecurity.HeaderSpec.FrameOptionsSpec frameOptions()
Configures frame options response headers- Returns:
- the
ServerHttpSecurity.HeaderSpec.FrameOptionsSpec
to configure
-
frameOptions
public ServerHttpSecurity.HeaderSpec frameOptions(Customizer<ServerHttpSecurity.HeaderSpec.FrameOptionsSpec> frameOptionsCustomizer)
Configures frame options response headers- Parameters:
frameOptionsCustomizer
- theCustomizer
to provide more options for theServerHttpSecurity.HeaderSpec.FrameOptionsSpec
- Returns:
- the
ServerHttpSecurity.HeaderSpec
to customize
-
writer
public ServerHttpSecurity.HeaderSpec writer(ServerHttpHeadersWriter serverHttpHeadersWriter)
Configures custom headers writer- Parameters:
serverHttpHeadersWriter
- theServerHttpHeadersWriter
to provide custom headers writer- Returns:
- the
ServerHttpSecurity.HeaderSpec
to customize - Since:
- 5.3.0
-
hsts
public ServerHttpSecurity.HeaderSpec.HstsSpec hsts()
Configures the Strict Transport Security response headers- Returns:
- the
ServerHttpSecurity.HeaderSpec.HstsSpec
to configure
-
hsts
public ServerHttpSecurity.HeaderSpec hsts(Customizer<ServerHttpSecurity.HeaderSpec.HstsSpec> hstsCustomizer)
Configures the Strict Transport Security response headers- Parameters:
hstsCustomizer
- theCustomizer
to provide more options for theServerHttpSecurity.HeaderSpec.HstsSpec
- Returns:
- the
ServerHttpSecurity.HeaderSpec
to customize
-
configure
protected void configure(ServerHttpSecurity http)
-
xssProtection
public ServerHttpSecurity.HeaderSpec.XssProtectionSpec xssProtection()
Configures x-xss-protection response header.- Returns:
- the
ServerHttpSecurity.HeaderSpec.XssProtectionSpec
to configure
-
xssProtection
public ServerHttpSecurity.HeaderSpec xssProtection(Customizer<ServerHttpSecurity.HeaderSpec.XssProtectionSpec> xssProtectionCustomizer)
Configures x-xss-protection response header.- Parameters:
xssProtectionCustomizer
- theCustomizer
to provide more options for theServerHttpSecurity.HeaderSpec.XssProtectionSpec
- Returns:
- the
ServerHttpSecurity.HeaderSpec
to customize
-
contentSecurityPolicy
public ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec contentSecurityPolicy(java.lang.String policyDirectives)
ConfiguresContent-Security-Policy
response header.- Parameters:
policyDirectives
- the policy directive(s)- Returns:
- the
ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec
to configure
-
contentSecurityPolicy
public ServerHttpSecurity.HeaderSpec contentSecurityPolicy(Customizer<ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec> contentSecurityPolicyCustomizer)
ConfiguresContent-Security-Policy
response header.- Parameters:
contentSecurityPolicyCustomizer
- theCustomizer
to provide more options for theServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec
- Returns:
- the
ServerHttpSecurity.HeaderSpec
to customize
-
featurePolicy
@Deprecated public ServerHttpSecurity.HeaderSpec.FeaturePolicySpec featurePolicy(java.lang.String policyDirectives)
Deprecated.UsepermissionsPolicy(Customizer)
instead.ConfiguresFeature-Policy
response header.- Parameters:
policyDirectives
- the policy- Returns:
- the
ServerHttpSecurity.HeaderSpec.FeaturePolicySpec
to configure
-
permissionsPolicy
public ServerHttpSecurity.HeaderSpec.PermissionsPolicySpec permissionsPolicy()
ConfiguresPermissions-Policy
response header.- Returns:
- the
ServerHttpSecurity.HeaderSpec.PermissionsPolicySpec
to configure
-
permissionsPolicy
public ServerHttpSecurity.HeaderSpec permissionsPolicy(Customizer<ServerHttpSecurity.HeaderSpec.PermissionsPolicySpec> permissionsPolicyCustomizer)
ConfiguresPermissions-Policy
response header.- Parameters:
permissionsPolicyCustomizer
- theCustomizer
to provide more options for theServerHttpSecurity.HeaderSpec.PermissionsPolicySpec
- Returns:
- the
ServerHttpSecurity.HeaderSpec
to customize
-
referrerPolicy
public ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec referrerPolicy(ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy referrerPolicy)
ConfiguresReferrer-Policy
response header.- Parameters:
referrerPolicy
- the policy to use- Returns:
- the
ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec
to configure
-
referrerPolicy
public ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec referrerPolicy()
ConfiguresReferrer-Policy
response header.- Returns:
- the
ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec
to configure
-
referrerPolicy
public ServerHttpSecurity.HeaderSpec referrerPolicy(Customizer<ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec> referrerPolicyCustomizer)
ConfiguresReferrer-Policy
response header.- Parameters:
referrerPolicyCustomizer
- theCustomizer
to provide more options for theServerHttpSecurity.HeaderSpec.ReferrerPolicySpec
- Returns:
- the
ServerHttpSecurity.HeaderSpec
to customize
-
-