Class ServerHttpSecurity.HeaderSpec
java.lang.Object
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
- Enclosing class:
- ServerHttpSecurity
Configures HTTP Response Headers.
- Since:
- 5.0
- See Also:
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionfinal classConfigures cache control headersfinal classConfiguresContent-Security-Policyresponse header.final classThe content type headersfinal classConfigures the Cross-Origin-Embedder-Policy headerfinal classConfigures the Cross-Origin-Opener-Policy headerfinal classConfigures the Cross-Origin-Resource-Policy headerfinal classConfiguresFeature-Policyresponse header.final classConfigures frame options response headerfinal classConfigures Strict Transport Security response headerfinal classConfiguresPermissions-Policyresponse header.final classConfiguresReferrer-Policyresponse header.final classConfigures x-xss-protection response header -
Method Summary
Modifier and TypeMethodDescriptionand()Allows method chaining to continue configuring theServerHttpSecuritycache()Configures cache control headerscache(Customizer<ServerHttpSecurity.HeaderSpec.CacheSpec> cacheCustomizer) Configures cache control headersprotected voidconfigure(ServerHttpSecurity http) contentSecurityPolicy(String policyDirectives) ConfiguresContent-Security-Policyresponse header.contentSecurityPolicy(Customizer<ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec> contentSecurityPolicyCustomizer) ConfiguresContent-Security-Policyresponse header.Configures content type response headerscontentTypeOptions(Customizer<ServerHttpSecurity.HeaderSpec.ContentTypeOptionsSpec> contentTypeOptionsCustomizer) Configures content type response headersConfigures the Cross-Origin-Embedder-Policy header.crossOriginEmbedderPolicy(Customizer<ServerHttpSecurity.HeaderSpec.CrossOriginEmbedderPolicySpec> crossOriginEmbedderPolicyCustomizer) Configures the Cross-Origin-Embedder-Policy header.Configures the Cross-Origin-Opener-Policy header.crossOriginOpenerPolicy(Customizer<ServerHttpSecurity.HeaderSpec.CrossOriginOpenerPolicySpec> crossOriginOpenerPolicyCustomizer) Configures the Cross-Origin-Opener-Policy header.Configures the Cross-Origin-Resource-Policy header.crossOriginResourcePolicy(Customizer<ServerHttpSecurity.HeaderSpec.CrossOriginResourcePolicySpec> crossOriginResourcePolicyCustomizer) Configures the Cross-Origin-Resource-Policy header.disable()Disables http response headersfeaturePolicy(String policyDirectives) Deprecated.Configures frame options response headersframeOptions(Customizer<ServerHttpSecurity.HeaderSpec.FrameOptionsSpec> frameOptionsCustomizer) Configures frame options response headershsts()Configures the Strict Transport Security response headershsts(Customizer<ServerHttpSecurity.HeaderSpec.HstsSpec> hstsCustomizer) Configures the Strict Transport Security response headersConfiguresPermissions-Policyresponse header.permissionsPolicy(Customizer<ServerHttpSecurity.HeaderSpec.PermissionsPolicySpec> permissionsPolicyCustomizer) ConfiguresPermissions-Policyresponse header.ConfiguresReferrer-Policyresponse header.referrerPolicy(Customizer<ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec> referrerPolicyCustomizer) ConfiguresReferrer-Policyresponse header.referrerPolicy(ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy referrerPolicy) ConfiguresReferrer-Policyresponse header.writer(ServerHttpHeadersWriter serverHttpHeadersWriter) Configures custom headers writerConfigures x-xss-protection response header.xssProtection(Customizer<ServerHttpSecurity.HeaderSpec.XssProtectionSpec> xssProtectionCustomizer) Configures x-xss-protection response header.
-
Method Details
-
and
Allows method chaining to continue configuring theServerHttpSecurity- Returns:
- the
ServerHttpSecurityto continue configuring
-
disable
Disables http response headers- Returns:
- the
ServerHttpSecurityto continue configuring
-
cache
Configures cache control headers- Returns:
- the
ServerHttpSecurity.HeaderSpec.CacheSpecto configure
-
cache
public ServerHttpSecurity.HeaderSpec cache(Customizer<ServerHttpSecurity.HeaderSpec.CacheSpec> cacheCustomizer) Configures cache control headers- Parameters:
cacheCustomizer- theCustomizerto provide more options for theServerHttpSecurity.HeaderSpec.CacheSpec- Returns:
- the
ServerHttpSecurity.HeaderSpecto customize
-
contentTypeOptions
Configures content type response headers- Returns:
- the
ServerHttpSecurity.HeaderSpec.ContentTypeOptionsSpecto configure
-
contentTypeOptions
public ServerHttpSecurity.HeaderSpec contentTypeOptions(Customizer<ServerHttpSecurity.HeaderSpec.ContentTypeOptionsSpec> contentTypeOptionsCustomizer) Configures content type response headers- Parameters:
contentTypeOptionsCustomizer- theCustomizerto provide more options for theServerHttpSecurity.HeaderSpec.ContentTypeOptionsSpec- Returns:
- the
ServerHttpSecurity.HeaderSpecto customize
-
frameOptions
Configures frame options response headers- Returns:
- the
ServerHttpSecurity.HeaderSpec.FrameOptionsSpecto configure
-
frameOptions
public ServerHttpSecurity.HeaderSpec frameOptions(Customizer<ServerHttpSecurity.HeaderSpec.FrameOptionsSpec> frameOptionsCustomizer) Configures frame options response headers- Parameters:
frameOptionsCustomizer- theCustomizerto provide more options for theServerHttpSecurity.HeaderSpec.FrameOptionsSpec- Returns:
- the
ServerHttpSecurity.HeaderSpecto customize
-
writer
Configures custom headers writer- Parameters:
serverHttpHeadersWriter- theServerHttpHeadersWriterto provide custom headers writer- Returns:
- the
ServerHttpSecurity.HeaderSpecto customize - Since:
- 5.3.0
-
hsts
Configures the Strict Transport Security response headers- Returns:
- the
ServerHttpSecurity.HeaderSpec.HstsSpecto configure
-
hsts
public ServerHttpSecurity.HeaderSpec hsts(Customizer<ServerHttpSecurity.HeaderSpec.HstsSpec> hstsCustomizer) Configures the Strict Transport Security response headers- Parameters:
hstsCustomizer- theCustomizerto provide more options for theServerHttpSecurity.HeaderSpec.HstsSpec- Returns:
- the
ServerHttpSecurity.HeaderSpecto customize
-
configure
-
xssProtection
Configures x-xss-protection response header.- Returns:
- the
ServerHttpSecurity.HeaderSpec.XssProtectionSpecto configure
-
xssProtection
public ServerHttpSecurity.HeaderSpec xssProtection(Customizer<ServerHttpSecurity.HeaderSpec.XssProtectionSpec> xssProtectionCustomizer) Configures x-xss-protection response header.- Parameters:
xssProtectionCustomizer- theCustomizerto provide more options for theServerHttpSecurity.HeaderSpec.XssProtectionSpec- Returns:
- the
ServerHttpSecurity.HeaderSpecto customize
-
contentSecurityPolicy
public ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec contentSecurityPolicy(String policyDirectives) ConfiguresContent-Security-Policyresponse header.- Parameters:
policyDirectives- the policy directive(s)- Returns:
- the
ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpecto configure
-
contentSecurityPolicy
public ServerHttpSecurity.HeaderSpec contentSecurityPolicy(Customizer<ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec> contentSecurityPolicyCustomizer) ConfiguresContent-Security-Policyresponse header.- Parameters:
contentSecurityPolicyCustomizer- theCustomizerto provide more options for theServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec- Returns:
- the
ServerHttpSecurity.HeaderSpecto customize
-
featurePolicy
@Deprecated public ServerHttpSecurity.HeaderSpec.FeaturePolicySpec featurePolicy(String policyDirectives) Deprecated.UsepermissionsPolicy(Customizer)instead.ConfiguresFeature-Policyresponse header.- Parameters:
policyDirectives- the policy- Returns:
- the
ServerHttpSecurity.HeaderSpec.FeaturePolicySpecto configure
-
permissionsPolicy
ConfiguresPermissions-Policyresponse header.- Returns:
- the
ServerHttpSecurity.HeaderSpec.PermissionsPolicySpecto configure
-
permissionsPolicy
public ServerHttpSecurity.HeaderSpec permissionsPolicy(Customizer<ServerHttpSecurity.HeaderSpec.PermissionsPolicySpec> permissionsPolicyCustomizer) ConfiguresPermissions-Policyresponse header.- Parameters:
permissionsPolicyCustomizer- theCustomizerto provide more options for theServerHttpSecurity.HeaderSpec.PermissionsPolicySpec- Returns:
- the
ServerHttpSecurity.HeaderSpecto customize
-
referrerPolicy
public ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec referrerPolicy(ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy referrerPolicy) ConfiguresReferrer-Policyresponse header.- Parameters:
referrerPolicy- the policy to use- Returns:
- the
ServerHttpSecurity.HeaderSpec.ReferrerPolicySpecto configure
-
referrerPolicy
ConfiguresReferrer-Policyresponse header.- Returns:
- the
ServerHttpSecurity.HeaderSpec.ReferrerPolicySpecto configure
-
referrerPolicy
public ServerHttpSecurity.HeaderSpec referrerPolicy(Customizer<ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec> referrerPolicyCustomizer) ConfiguresReferrer-Policyresponse header.- Parameters:
referrerPolicyCustomizer- theCustomizerto provide more options for theServerHttpSecurity.HeaderSpec.ReferrerPolicySpec- Returns:
- the
ServerHttpSecurity.HeaderSpecto customize
-
crossOriginOpenerPolicy
Configures the Cross-Origin-Opener-Policy header.- Returns:
- the
ServerHttpSecurity.HeaderSpec.CrossOriginOpenerPolicySpecto configure - Since:
- 5.7
- See Also:
-
crossOriginOpenerPolicy
public ServerHttpSecurity.HeaderSpec crossOriginOpenerPolicy(Customizer<ServerHttpSecurity.HeaderSpec.CrossOriginOpenerPolicySpec> crossOriginOpenerPolicyCustomizer) Configures the Cross-Origin-Opener-Policy header.- Returns:
- the
ServerHttpSecurity.HeaderSpecto customize - Since:
- 5.7
- See Also:
-
crossOriginEmbedderPolicy
Configures the Cross-Origin-Embedder-Policy header.- Returns:
- the
ServerHttpSecurity.HeaderSpec.CrossOriginEmbedderPolicySpecto configure - Since:
- 5.7
- See Also:
-
crossOriginEmbedderPolicy
public ServerHttpSecurity.HeaderSpec crossOriginEmbedderPolicy(Customizer<ServerHttpSecurity.HeaderSpec.CrossOriginEmbedderPolicySpec> crossOriginEmbedderPolicyCustomizer) Configures the Cross-Origin-Embedder-Policy header.- Returns:
- the
ServerHttpSecurity.HeaderSpecto customize - Since:
- 5.7
- See Also:
-
crossOriginResourcePolicy
Configures the Cross-Origin-Resource-Policy header.- Returns:
- the
ServerHttpSecurity.HeaderSpec.CrossOriginResourcePolicySpecto configure - Since:
- 5.7
- See Also:
-
crossOriginResourcePolicy
public ServerHttpSecurity.HeaderSpec crossOriginResourcePolicy(Customizer<ServerHttpSecurity.HeaderSpec.CrossOriginResourcePolicySpec> crossOriginResourcePolicyCustomizer) Configures the Cross-Origin-Resource-Policy header.- Returns:
- the
ServerHttpSecurity.HeaderSpecto customize - Since:
- 5.7
- See Also:
-
permissionsPolicy(Customizer)instead.