Class XXssProtectionHeaderWriter
java.lang.Object
org.springframework.security.web.header.writers.XXssProtectionHeaderWriter
- All Implemented Interfaces:
HeaderWriter
Renders the X-XSS-Protection header.
- Since:
- 3.2
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionstatic enumThe value of the x-xss-protection header. -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionvoidsetHeaderValue(XXssProtectionHeaderWriter.HeaderValue headerValue) Sets the value of the X-XSS-PROTECTION header.toString()voidwriteHeaders(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) Create aHeaderinstance.
-
Constructor Details
-
XXssProtectionHeaderWriter
public XXssProtectionHeaderWriter()Create a new instance
-
-
Method Details
-
writeHeaders
public void writeHeaders(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) Description copied from interface:HeaderWriterCreate aHeaderinstance.- Specified by:
writeHeadersin interfaceHeaderWriter- Parameters:
request- the requestresponse- the response
-
setHeaderValue
Sets the value of the X-XSS-PROTECTION header.If
XXssProtectionHeaderWriter.HeaderValue.DISABLED, will specify that X-XSS-Protection is disabled. For example:X-XSS-Protection: 0
If
XXssProtectionHeaderWriter.HeaderValue.ENABLED, will contain a value of 1, but will not specify the mode as blocked. In this instance, any content will be attempted to be fixed. For example:X-XSS-Protection: 1
If
XXssProtectionHeaderWriter.HeaderValue.ENABLED_MODE_BLOCK, will contain a value of 1 and will specify mode as blocked. The content will be replaced with "#". For example:X-XSS-Protection: 1; mode=block
- Parameters:
headerValue- the new header value- Throws:
IllegalArgumentException- when headerValue is null- Since:
- 5.8
-
toString
-