Package org.springframework.security.web.server.header

Class ContentSecurityPolicyServerHttpHeadersWriter

java.lang.Object

org.springframework.security.web.server.header.ContentSecurityPolicyServerHttpHeadersWriter

All Implemented Interfaces:

ServerHttpHeadersWriter

public final class ContentSecurityPolicyServerHttpHeadersWriter
extends Object
implements ServerHttpHeadersWriter

Writes the Contet-Security-Policy response header with configured policy directives.

Since:

5.1

Field Summary

Fields

Modifier and Type	Field	Description
static final String	CONTENT_SECURITY_POLICY
static final String	CONTENT_SECURITY_POLICY_REPORT_ONLY

Constructor Summary

Constructors

Constructor	Description
ContentSecurityPolicyServerHttpHeadersWriter()

Method Summary

Modifier and Type	Method	Description
void	setPolicyDirectives(String policyDirectives)	Set the policy directive(s) to be used in the response header.
void	setReportOnly(boolean reportOnly)	Set whether to include the Content-Security-Policy-Report-Only header in the response.
reactor.core.publisher.Mono<Void>	writeHttpHeaders(org.springframework.web.server.ServerWebExchange exchange)	Write the headers to the response.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

CONTENT_SECURITY_POLICY

public static final String CONTENT_SECURITY_POLICY

See Also:

• Constant Field Values

CONTENT_SECURITY_POLICY_REPORT_ONLY

public static final String CONTENT_SECURITY_POLICY_REPORT_ONLY

See Also:

• Constant Field Values

Constructor Details

ContentSecurityPolicyServerHttpHeadersWriter

public ContentSecurityPolicyServerHttpHeadersWriter()

Method Details

writeHttpHeaders

public reactor.core.publisher.Mono<Void> writeHttpHeaders(org.springframework.web.server.ServerWebExchange exchange)

Description copied from interface: ServerHttpHeadersWriter

Write the headers to the response.

Specified by:

writeHttpHeaders in interface ServerHttpHeadersWriter

Returns:

A Mono which is returned to the Supplier of the ReactiveHttpOutputMessage.beforeCommit(Supplier).

setPolicyDirectives

public void setPolicyDirectives(String policyDirectives)

Set the policy directive(s) to be used in the response header.

Parameters:

policyDirectives - the policy directive(s)

Throws:

IllegalArgumentException - if policyDirectives is null or empty

setReportOnly

public void setReportOnly(boolean reportOnly)

Set whether to include the Content-Security-Policy-Report-Only header in the response. Otherwise, defaults to the Content-Security-Policy header.

Parameters:

reportOnly - whether to only report policy violations