Class XXssProtectionHeaderWriter
java.lang.Object
org.springframework.security.web.header.writers.XXssProtectionHeaderWriter
- All Implemented Interfaces:
HeaderWriter
Renders the X-XSS-Protection header.
- Since:
- 3.2
-
Nested Class Summary
Modifier and TypeClassDescriptionstatic enum
The value of the x-xss-protection header. -
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionvoid
setHeaderValue
(XXssProtectionHeaderWriter.HeaderValue headerValue) Sets the value of the X-XSS-PROTECTION header.toString()
void
writeHeaders
(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) Create aHeader
instance.
-
Constructor Details
-
XXssProtectionHeaderWriter
public XXssProtectionHeaderWriter()Create a new instance
-
-
Method Details
-
writeHeaders
public void writeHeaders(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) Description copied from interface:HeaderWriter
Create aHeader
instance.- Specified by:
writeHeaders
in interfaceHeaderWriter
- Parameters:
request
- the requestresponse
- the response
-
setHeaderValue
Sets the value of the X-XSS-PROTECTION header.If
XXssProtectionHeaderWriter.HeaderValue.DISABLED
, will specify that X-XSS-Protection is disabled. For example:X-XSS-Protection: 0
If
XXssProtectionHeaderWriter.HeaderValue.ENABLED
, will contain a value of 1, but will not specify the mode as blocked. In this instance, any content will be attempted to be fixed. For example:X-XSS-Protection: 1
If
XXssProtectionHeaderWriter.HeaderValue.ENABLED_MODE_BLOCK
, will contain a value of 1 and will specify mode as blocked. The content will be replaced with "#". For example:X-XSS-Protection: 1; mode=block
- Parameters:
headerValue
- the new header value- Throws:
IllegalArgumentException
- when headerValue is null- Since:
- 5.8
-
toString
-