Class ContentSecurityPolicyServerHttpHeadersWriter
java.lang.Object
org.springframework.security.web.server.header.ContentSecurityPolicyServerHttpHeadersWriter
- All Implemented Interfaces:
ServerHttpHeadersWriter
public final class ContentSecurityPolicyServerHttpHeadersWriter
extends Object
implements ServerHttpHeadersWriter
Writes the
Contet-Security-Policy
response header with configured policy
directives.- Since:
- 5.1
-
Field Summary
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionvoid
setPolicyDirectives
(String policyDirectives) Set the policy directive(s) to be used in the response header.void
setReportOnly
(boolean reportOnly) Set whether to include theContent-Security-Policy-Report-Only
header in the response.reactor.core.publisher.Mono<Void>
writeHttpHeaders
(org.springframework.web.server.ServerWebExchange exchange) Write the headers to the response.
-
Field Details
-
CONTENT_SECURITY_POLICY
- See Also:
-
CONTENT_SECURITY_POLICY_REPORT_ONLY
- See Also:
-
-
Constructor Details
-
ContentSecurityPolicyServerHttpHeadersWriter
public ContentSecurityPolicyServerHttpHeadersWriter()
-
-
Method Details
-
writeHttpHeaders
public reactor.core.publisher.Mono<Void> writeHttpHeaders(org.springframework.web.server.ServerWebExchange exchange) Description copied from interface:ServerHttpHeadersWriter
Write the headers to the response.- Specified by:
writeHttpHeaders
in interfaceServerHttpHeadersWriter
- Returns:
- A Mono which is returned to the
Supplier
of theReactiveHttpOutputMessage.beforeCommit(Supplier)
.
-
setPolicyDirectives
Set the policy directive(s) to be used in the response header.- Parameters:
policyDirectives
- the policy directive(s)- Throws:
IllegalArgumentException
- if policyDirectives isnull
or empty
-
setReportOnly
public void setReportOnly(boolean reportOnly) Set whether to include theContent-Security-Policy-Report-Only
header in the response. Otherwise, defaults to theContent-Security-Policy
header.- Parameters:
reportOnly
- whether to only report policy violations
-