Class AbstractRequestParameterAllowFromStrategy
- java.lang.Object
-
- org.springframework.security.web.header.writers.frameoptions.AbstractRequestParameterAllowFromStrategy
-
- All Implemented Interfaces:
AllowFromStrategy
- Direct Known Subclasses:
RegExpAllowFromStrategy
,WhiteListedAllowFromStrategy
@Deprecated public abstract class AbstractRequestParameterAllowFromStrategy extends java.lang.Object implements AllowFromStrategy
Deprecated.ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.Base class for AllowFromStrategy implementations which use a request parameter to retrieve the origin. By default the parameter namedx-frames-allow-from
is read from the request.- Since:
- 3.2
-
-
Field Summary
Fields Modifier and Type Field Description protected org.apache.commons.logging.Log
log
Deprecated.Logger for use by subclasses
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Deprecated Methods Modifier and Type Method Description protected abstract boolean
allowed(java.lang.String allowFromOrigin)
Deprecated.Method to be implemented by base classes, used to determine if the supplied origin is allowed.java.lang.String
getAllowFromValue(javax.servlet.http.HttpServletRequest request)
Deprecated.Gets the value for ALLOW-FROM excluding the ALLOW-FROM.void
setAllowFromParameterName(java.lang.String allowFromParameterName)
Deprecated.Sets the HTTP parameter used to retrieve the value for the origin that is allowed from.
-
-
-
Method Detail
-
getAllowFromValue
public java.lang.String getAllowFromValue(javax.servlet.http.HttpServletRequest request)
Deprecated.Description copied from interface:AllowFromStrategy
Gets the value for ALLOW-FROM excluding the ALLOW-FROM. For example, the result might be "https://example.com/".- Specified by:
getAllowFromValue
in interfaceAllowFromStrategy
- Parameters:
request
- theHttpServletRequest
- Returns:
- the value for ALLOW-FROM or null if no header should be added for this request.
-
setAllowFromParameterName
public void setAllowFromParameterName(java.lang.String allowFromParameterName)
Deprecated.Sets the HTTP parameter used to retrieve the value for the origin that is allowed from. The value of the parameter should be a valid URL. The default parameter name is "x-frames-allow-from".- Parameters:
allowFromParameterName
- the name of the HTTP parameter to
-
allowed
protected abstract boolean allowed(java.lang.String allowFromOrigin)
Deprecated.Method to be implemented by base classes, used to determine if the supplied origin is allowed.- Parameters:
allowFromOrigin
- the supplied origin- Returns:
true
if the supplied origin is allowed.
-
-