Package org.springframework.security.config.annotation.web.configurers

Class HeadersConfigurer.XXssConfig

java.lang.Object
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.XXssConfig
Enclosing class:
HeadersConfigurer<H extends HttpSecurityBuilder<H>>
public final class HeadersConfigurer.XXssConfig extends Object

  • Method Details

    • block

      public HeadersConfigurer<H>.XXssConfig block(boolean enabled)
      If false, will not specify the mode as blocked. In this instance, any content will be attempted to be fixed. If true, the content will be replaced with "#".
      Parameters:
      enabled - the new value

    • xssProtectionEnabled

      public HeadersConfigurer<H>.XXssConfig xssProtectionEnabled(boolean enabled)
      If true, the header value will contain a value of 1. For example: 
       X-XSS-Protection: 1
      or if XXssProtectionHeaderWriter.setBlock(boolean) of the given XXssProtectionHeaderWriter is true 
       X-XSS-Protection: 1; mode=block
      If false, will explicitly disable specify that X-XSS-Protection is disabled. For example: 
       X-XSS-Protection: 0
      Parameters:
      enabled - the new value

    • disable

      public HeadersConfigurer<H> disable()
      Disables X-XSS-Protection header (does not include it)
      Returns:
      the HeadersConfigurer for additional configuration

    • and

      public HeadersConfigurer<H> and()
      Allows completing configuration of X-XSS-Protection and continuing configuration of headers.
      Returns:
      the HeadersConfigurer for additional configuration