Class WhiteListedAllowFromStrategy
java.lang.Object
org.springframework.security.web.header.writers.frameoptions.AbstractRequestParameterAllowFromStrategy
org.springframework.security.web.header.writers.frameoptions.WhiteListedAllowFromStrategy
- All Implemented Interfaces:
AllowFromStrategy
@Deprecated
public final class WhiteListedAllowFromStrategy
extends AbstractRequestParameterAllowFromStrategy
Deprecated.
ALLOW-FROM is an obsolete directive that no longer works in modern
browsers. Instead use Content-Security-Policy with the frame-ancestors
directive.
Implementation which checks the supplied origin against a list of allowed origins.
- Since:
- 3.2
-
Field Summary
Fields inherited from class org.springframework.security.web.header.writers.frameoptions.AbstractRequestParameterAllowFromStrategy
log -
Constructor Summary
ConstructorsConstructorDescriptionWhiteListedAllowFromStrategy(Collection<String> allowed) Deprecated.Creates a new instance -
Method Summary
Methods inherited from class org.springframework.security.web.header.writers.frameoptions.AbstractRequestParameterAllowFromStrategy
getAllowFromValue, setAllowFromParameterName
-
Constructor Details
-
WhiteListedAllowFromStrategy
Deprecated.Creates a new instance- Parameters:
allowed- the origins that are allowed.
-
-
Method Details
-
allowed
Deprecated.Description copied from class:AbstractRequestParameterAllowFromStrategyMethod to be implemented by base classes, used to determine if the supplied origin is allowed.- Specified by:
allowedin classAbstractRequestParameterAllowFromStrategy- Parameters:
allowFromOrigin- the supplied origin- Returns:
trueif the supplied origin is allowed.
-