Class HeadersConfigurer.XXssConfig

java.lang.Object
    org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.XXssConfig

Enclosing class:
    HeadersConfigurer<H extends HttpSecurityBuilder<H>>

public final class HeadersConfigurer.XXssConfig extends java.lang.Object

Method Summary

| Modifier and Type | Method | Description |
|---|---|---|
| HeadersConfigurer<H> | and() | Allows completing configuration of X-XSS-Protection and continuing configuration of headers. |
| HeadersConfigurer.XXssConfig | block(boolean enabled) | Deprecated. |
| HeadersConfigurer<H> | disable() | Disables X-XSS-Protection header (does not include it) |
| HeadersConfigurer.XXssConfig | headerValue(XXssProtectionHeaderWriter.HeaderValue headerValue) | Sets the value of the X-XSS-PROTECTION header. |
| HeadersConfigurer.XXssConfig | xssProtectionEnabled(boolean enabled) | Deprecated. |

Method Detail

block
@Deprecated public HeadersConfigurer.XXssConfig block(boolean enabled)
Deprecated. If false, will not specify the mode as blocked. In this instance, an attempt will be made to fix any content. If true, the content will be replaced with "#".
Parameters:
    enabled - the new value

xssProtectionEnabled
@Deprecated public HeadersConfigurer.XXssConfig xssProtectionEnabled(boolean enabled)
Deprecated. If true, the header value will contain a value of 1. For example:
    X-XSS-Protection: 1
or, if XXssProtectionHeaderWriter.setBlock(boolean) of the given XXssProtectionHeaderWriter is true:
    X-XSS-Protection: 1; mode=block
If false, will explicitly specify that X-XSS-Protection is disabled. For example:
    X-XSS-Protection: 0
Parameters:
    enabled - the new value

headerValue
public HeadersConfigurer.XXssConfig headerValue(XXssProtectionHeaderWriter.HeaderValue headerValue)
Sets the value of the X-XSS-PROTECTION header. OWASP recommends using XXssProtectionHeaderWriter.HeaderValue.DISABLED.
If XXssProtectionHeaderWriter.HeaderValue.DISABLED, will specify that X-XSS-Protection is disabled. For example:
    X-XSS-Protection: 0
If XXssProtectionHeaderWriter.HeaderValue.ENABLED, will contain a value of 1, but will not specify the mode as blocked. In this instance, an attempt will be made to fix any content. For example:
    X-XSS-Protection: 1
If XXssProtectionHeaderWriter.HeaderValue.ENABLED_MODE_BLOCK, will contain a value of 1 and will specify mode as blocked. The content will be replaced with "#". For example:
    X-XSS-Protection: 1; mode=block
Parameters:
    headerValue - the new header value
Since:
    5.8

disable
public HeadersConfigurer<H> disable()
Disables X-XSS-Protection header (does not include it)
Returns:
    the HeadersConfigurer for additional configuration

and
public HeadersConfigurer<H> and()
Allows completing configuration of X-XSS-Protection and continuing configuration of headers.
Returns:
    the HeadersConfigurer for additional configuration
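
How headerValue, the deprecated xssProtectionEnabled/block pair and disable fit into a security configuration, as an added example that is not code from this page or from the Spring Security project. The class name XssHeaderConfig and the helper method names are hypothetical; it assumes Spring Security 5.8, where the deprecated methods are still present.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.header.writers.XXssProtectionHeaderWriter.HeaderValue;

// Added example; the class and helper method names are hypothetical.
@Configuration
@EnableWebSecurity
public class XssHeaderConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        // Swap in legacy or omitted below to compare the response headers.
        http.headers(XssHeaderConfig::current);
        return http.build();
    }

    // Current style (since 5.8): one call picks the exact header value.
    //   HeaderValue.DISABLED           -> X-XSS-Protection: 0
    //   HeaderValue.ENABLED            -> X-XSS-Protection: 1
    //   HeaderValue.ENABLED_MODE_BLOCK -> X-XSS-Protection: 1; mode=block
    static void current(HeadersConfigurer<HttpSecurity> headers) {
        headers.xssProtection(xss -> xss.headerValue(HeaderValue.DISABLED));
    }

    // Deprecated style: two booleans combine into the same header values.
    // This pair yields "X-XSS-Protection: 1; mode=block".
    @SuppressWarnings("deprecation")
    static void legacy(HeadersConfigurer<HttpSecurity> headers) {
        headers.xssProtection(xss -> xss.xssProtectionEnabled(true).block(true));
    }

    // Leaves the header out of the response entirely, which is not the
    // same as sending "X-XSS-Protection: 0".
    static void omitted(HeadersConfigurer<HttpSecurity> headers) {
        headers.xssProtection(xss -> xss.disable());
    }
}
```

When migrating off the deprecated methods, check the emitted header in a response before and after so the value does not change unintentionally.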