Package org.springframework.security.web.header.writers.frameoptions

Interface AllowFromStrategy

All Known Implementing Classes:

AbstractRequestParameterAllowFromStrategy, RegExpAllowFromStrategy, StaticAllowFromStrategy, WhiteListedAllowFromStrategy

@Deprecated
public interface AllowFromStrategy

Deprecated.

ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.

Strategy interfaces used by the FrameOptionsHeaderWriter to determine the actual value to use for the X-Frame-Options header when using the ALLOW-FROM directive.

Since:

3.2

Method Summary

Modifier and Type	Method	Description
String	getAllowFromValue(jakarta.servlet.http.HttpServletRequest request)	Deprecated. Gets the value for ALLOW-FROM excluding the ALLOW-FROM.

Method Details

getAllowFromValue

String getAllowFromValue(jakarta.servlet.http.HttpServletRequest request)

Deprecated.

Gets the value for ALLOW-FROM excluding the ALLOW-FROM. For example, the result might be "https://example.com/".

Parameters:

request - the HttpServletRequest

Returns:

the value for ALLOW-FROM or null if no header should be added for this request.