Class ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec
java.lang.Object
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec
- Enclosing class:
- ServerHttpSecurity.HeaderSpec
Configures
Content-Security-Policy
response header.- Since:
- 5.1
- See Also:
-
Method Summary
Modifier and TypeMethodDescriptionand()
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0.policyDirectives
(String policyDirectives) Sets the security policy directive(s) to be used in the response header.reportOnly
(boolean reportOnly) Whether to include theContent-Security-Policy-Report-Only
header in the response.
-
Method Details
-
reportOnly
Whether to include theContent-Security-Policy-Report-Only
header in the response. Otherwise, defaults to theContent-Security-Policy
header.- Parameters:
reportOnly
- whether to only report policy violations- Returns:
- the
ServerHttpSecurity.HeaderSpec
to continue configuring
-
policyDirectives
Sets the security policy directive(s) to be used in the response header.- Parameters:
policyDirectives
- the security policy directive(s)- Returns:
- the
ServerHttpSecurity.HeaderSpec
to continue configuring
-
and
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. UseServerHttpSecurity.HeaderSpec.contentSecurityPolicy(Customizer)
insteadAllows method chaining to continue configuring theServerHttpSecurity
.- Returns:
- the
ServerHttpSecurity.HeaderSpec
to continue configuring
-