Class XFrameOptionsHeaderWriter
- java.lang.Object
-
- org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter
-
- All Implemented Interfaces:
HeaderWriter
public final class XFrameOptionsHeaderWriter extends java.lang.Object implements HeaderWriter
HeaderWriter
implementation for the X-Frame-Options headers. When using the ALLOW-FROM directive the actual value is determined by aAllowFromStrategy
.- Since:
- 3.2
- See Also:
AllowFromStrategy
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
XFrameOptionsHeaderWriter.XFrameOptionsMode
The possible values for the X-Frame-Options header.
-
Field Summary
Fields Modifier and Type Field Description static java.lang.String
XFRAME_OPTIONS_HEADER
-
Constructor Summary
Constructors Constructor Description XFrameOptionsHeaderWriter()
Creates an instance withXFrameOptionsHeaderWriter.XFrameOptionsMode.DENY
XFrameOptionsHeaderWriter(AllowFromStrategy allowFromStrategy)
Deprecated.ALLOW-FROM is an obsolete directive that no longer works in modern browsers.XFrameOptionsHeaderWriter(XFrameOptionsHeaderWriter.XFrameOptionsMode frameOptionsMode)
Creates a new instance
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
writeHeaders(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
Writes the X-Frame-Options header value, overwritting any previous value.
-
-
-
Field Detail
-
XFRAME_OPTIONS_HEADER
public static final java.lang.String XFRAME_OPTIONS_HEADER
- See Also:
- Constant Field Values
-
-
Constructor Detail
-
XFrameOptionsHeaderWriter
public XFrameOptionsHeaderWriter()
Creates an instance withXFrameOptionsHeaderWriter.XFrameOptionsMode.DENY
-
XFrameOptionsHeaderWriter
public XFrameOptionsHeaderWriter(XFrameOptionsHeaderWriter.XFrameOptionsMode frameOptionsMode)
Creates a new instance- Parameters:
frameOptionsMode
- theXFrameOptionsHeaderWriter.XFrameOptionsMode
to use. If usingXFrameOptionsHeaderWriter.XFrameOptionsMode.ALLOW_FROM
, useXFrameOptionsHeaderWriter(AllowFromStrategy)
instead.
-
XFrameOptionsHeaderWriter
@Deprecated public XFrameOptionsHeaderWriter(AllowFromStrategy allowFromStrategy)
Deprecated.ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.Creates a new instance withXFrameOptionsHeaderWriter.XFrameOptionsMode.ALLOW_FROM
.- Parameters:
allowFromStrategy
- the strategy for determining what the value for ALLOW_FROM is.
-
-
Method Detail
-
writeHeaders
public void writeHeaders(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
Writes the X-Frame-Options header value, overwritting any previous value.- Specified by:
writeHeaders
in interfaceHeaderWriter
- Parameters:
request
- the servlet requestresponse
- the servlet response
-
-