Package org.springframework.security.web.server.header

Class XXssProtectionServerHttpHeadersWriter

java.lang.Object

org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter

All Implemented Interfaces:

ServerHttpHeadersWriter

public class XXssProtectionServerHttpHeadersWriter
extends java.lang.Object
implements ServerHttpHeadersWriter

Add the x-xss-protection header.

Since:

5.0

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	XXssProtectionServerHttpHeadersWriter.HeaderValue	The value of the x-xss-protection header.

Field Summary

Fields

Modifier and Type	Field	Description
static java.lang.String	X_XSS_PROTECTION

Constructor Summary

Constructors

Constructor	Description
XXssProtectionServerHttpHeadersWriter()	Creates a new instance

Method Summary

Modifier and Type	Method	Description
void	setBlock(boolean block)	Deprecated. use setHeaderValue(HeaderValue) instead
void	setEnabled(boolean enabled)	Deprecated. use setHeaderValue(HeaderValue) instead
void	setHeaderValue(XXssProtectionServerHttpHeadersWriter.HeaderValue headerValue)	Sets the value of the X-XSS-PROTECTION header.
reactor.core.publisher.Mono<java.lang.Void>	writeHttpHeaders(org.springframework.web.server.ServerWebExchange exchange)	Write the headers to the response.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

X_XSS_PROTECTION

public static final java.lang.String X_XSS_PROTECTION

See Also:

Constant Field Values

Constructor Detail

XXssProtectionServerHttpHeadersWriter

public XXssProtectionServerHttpHeadersWriter()

Creates a new instance

Method Detail

writeHttpHeaders

public reactor.core.publisher.Mono<java.lang.Void> writeHttpHeaders(org.springframework.web.server.ServerWebExchange exchange)

Description copied from interface: ServerHttpHeadersWriter

Write the headers to the response.

Specified by:

writeHttpHeaders in interface ServerHttpHeadersWriter

Returns:

A Mono which is returned to the Supplier of the ReactiveHttpOutputMessage.beforeCommit(Supplier).

setEnabled

@Deprecated
public void setEnabled(boolean enabled)

Deprecated.

use setHeaderValue(HeaderValue) instead

If true, will contain a value of 1. For example:

 X-XSS-Protection: 1
 

or if setBlock(boolean) is true

 X-XSS-Protection: 1; mode=block
 

If false, will explicitly disable specify that X-XSS-Protection is disabled. For example:

 X-XSS-Protection: 0
 

Parameters:

enabled - the new value

setBlock

@Deprecated
public void setBlock(boolean block)

Deprecated.

use setHeaderValue(HeaderValue) instead

If false, will not specify the mode as blocked. In this instance, any content will be attempted to be fixed. If true, the content will be replaced with "#".

Parameters:

block - the new value

setHeaderValue

public void setHeaderValue(XXssProtectionServerHttpHeadersWriter.HeaderValue headerValue)

Sets the value of the X-XSS-PROTECTION header.

If XXssProtectionServerHttpHeadersWriter.HeaderValue.DISABLED, will specify that X-XSS-Protection is disabled. For example:

 X-XSS-Protection: 0
 

If XXssProtectionServerHttpHeadersWriter.HeaderValue.ENABLED, will contain a value of 1, but will not specify the mode as blocked. In this instance, any content will be attempted to be fixed. For example:

 X-XSS-Protection: 1
 

If XXssProtectionServerHttpHeadersWriter.HeaderValue.ENABLED_MODE_BLOCK, will contain a value of 1 and will specify mode as blocked. The content will be replaced with "#". For example:

 X-XSS-Protection: 1; mode=block
 

Parameters:

headerValue - the new headerValue

Throws:

java.lang.IllegalArgumentException - if headerValue is null

Since:

5.8