ServerHttpSecurity.HeaderSpec.XssProtectionSpec (spring-security-docs 6.1.2 API)

java.lang.Object

org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.XssProtectionSpec

Enclosing class:: ServerHttpSecurity.HeaderSpec

public final class ServerHttpSecurity.HeaderSpec.XssProtectionSpec extends Object

Configures x-xss-protection response header

See Also:

ServerHttpSecurity.HeaderSpec.xssProtection()

Method Summary

Modifier and Type

Method

Description

ServerHttpSecurity.HeaderSpec

disable()

Disables the x-xss-protection response header

ServerHttpSecurity.HeaderSpec

headerValue(XXssProtectionServerHttpHeadersWriter.HeaderValue headerValue)

Sets the value of x-xss-protection header.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details
- disable
  
  public ServerHttpSecurity.HeaderSpec disable()
  
  Disables the x-xss-protection response header
  
  Returns:
  
  the ServerHttpSecurity.HeaderSpec to continue configuring
- headerValue
  
  public ServerHttpSecurity.HeaderSpec headerValue(XXssProtectionServerHttpHeadersWriter.HeaderValue headerValue)
  
  Sets the value of x-xss-protection header. OWASP recommends using XXssProtectionServerHttpHeadersWriter.HeaderValue.DISABLED.
  
  Parameters:
  
  headerValue - the headerValue
  
  Returns:
  
  the ServerHttpSecurity.HeaderSpec to continue configuring
  
  Since:
  
  5.8