HeadersConfigurer.ContentSecurityPolicyConfig (spring-security-docs 6.2.4 API)

java.lang.Object

org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ContentSecurityPolicyConfig

Enclosing class:: HeadersConfigurer<H extends HttpSecurityBuilder<H>>

public final class HeadersConfigurer.ContentSecurityPolicyConfig extends Object

Method Summary

Modifier and Type

Method

Description

HeadersConfigurer<H>

and()

Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0.

HeadersConfigurer<H>.ContentSecurityPolicyConfig

policyDirectives(String policyDirectives)

Sets the security policy directive(s) to be used in the response header.

HeadersConfigurer<H>.ContentSecurityPolicyConfig

reportOnly()

Enables (includes) the Content-Security-Policy-Report-Only header in the response.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details
- policyDirectives
  
  public HeadersConfigurer<H>.ContentSecurityPolicyConfig policyDirectives(String policyDirectives)
  
  Sets the security policy directive(s) to be used in the response header.
  
  Parameters:
  
  policyDirectives - the security policy directive(s)
  
  Returns:
  
  the HeadersConfigurer<H extends HttpSecurityBuilder<H>>.ContentSecurityPolicyConfig for additional configuration
  
  Throws:
  
  IllegalArgumentException - if policyDirectives is null or empty
- reportOnly
  
  public HeadersConfigurer<H>.ContentSecurityPolicyConfig reportOnly()
  
  Enables (includes) the Content-Security-Policy-Report-Only header in the response.
  
  Returns:
  
  the HeadersConfigurer<H extends HttpSecurityBuilder<H>>.ContentSecurityPolicyConfig for additional configuration
- and
  
  @Deprecated(since="6.1", forRemoval=true) public HeadersConfigurer<H> and()
  
  Deprecated, for removal: This API element is subject to removal in a future version.
  For removal in 7.0. Use HeadersConfigurer.contentSecurityPolicy(Customizer) instead
  
  Allows completing configuration of Content Security Policy and continuing configuration of headers.
  
  Returns:
  
  the HeadersConfigurer for additional configuration