StaticAllowFromStrategy (spring-security-docs 6.0.0 API)

java.lang.Object

org.springframework.security.web.header.writers.frameoptions.StaticAllowFromStrategy

All Implemented Interfaces:: AllowFromStrategy

@Deprecated public final class StaticAllowFromStrategy extends Object implements AllowFromStrategy

Deprecated.

ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.

Simple implementation of the AllowFromStrategy

Constructor Summary

Constructors

Constructor

Description

StaticAllowFromStrategy(URI uri)

Deprecated.
Method Summary

Modifier and Type

Method

Description

String

getAllowFromValue(jakarta.servlet.http.HttpServletRequest request)

Deprecated.

Gets the value for ALLOW-FROM excluding the ALLOW-FROM.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details
- StaticAllowFromStrategy
  
  public StaticAllowFromStrategy(URI uri)
  
  Deprecated.
Method Details
- getAllowFromValue
  
  public String getAllowFromValue(jakarta.servlet.http.HttpServletRequest request)
  
  Deprecated.
  
  Description copied from interface: AllowFromStrategy
  
  Gets the value for ALLOW-FROM excluding the ALLOW-FROM. For example, the result might be "https://example.com/".
  
  Specified by:
  
  getAllowFromValue in interface AllowFromStrategy
  
  Parameters:
  
  request - the HttpServletRequest
  
  Returns:
  
  the value for ALLOW-FROM or null if no header should be added for this request.