Package org.springframework.security.web.header.writers

Class XXssProtectionHeaderWriter

java.lang.Object

org.springframework.security.web.header.writers.XXssProtectionHeaderWriter

All Implemented Interfaces:

HeaderWriter

public final class XXssProtectionHeaderWriter
extends Object
implements HeaderWriter

Renders the X-XSS-Protection header.

Since:

3.2

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static enum	XXssProtectionHeaderWriter.HeaderValue	The value of the x-xss-protection header.

Constructor Summary

Constructors

Constructor	Description
XXssProtectionHeaderWriter()	Create a new instance

Method Summary

Modifier and Type	Method	Description
void	setBlock(boolean block)	Deprecated. use setHeaderValue(HeaderValue) instead
void	setEnabled(boolean enabled)	Deprecated. use setHeaderValue(HeaderValue) instead
void	setHeaderValue(XXssProtectionHeaderWriter.HeaderValue headerValue)	Sets the value of the X-XSS-PROTECTION header.
String	toString()
void	writeHeaders(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)	Create a Header instance.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Details

XXssProtectionHeaderWriter

public XXssProtectionHeaderWriter()

Create a new instance

Method Details

writeHeaders

public void writeHeaders(javax.servlet.http.HttpServletRequest request,
 javax.servlet.http.HttpServletResponse response)

Description copied from interface: HeaderWriter

Create a Header instance.

Specified by:

writeHeaders in interface HeaderWriter

Parameters:

request - the request

response - the response

setEnabled

@Deprecated
public void setEnabled(boolean enabled)

Deprecated.

use setHeaderValue(HeaderValue) instead

If true, will contain a value of 1. For example:

 X-XSS-Protection: 1
 

or if setBlock(boolean) is true

 X-XSS-Protection: 1; mode=block
 

If false, will explicitly disable specify that X-XSS-Protection is disabled. For example:

 X-XSS-Protection: 0
 

Parameters:

enabled - the new value

setBlock

@Deprecated
public void setBlock(boolean block)

Deprecated.

use setHeaderValue(HeaderValue) instead

If false, will not specify the mode as blocked. In this instance, any content will be attempted to be fixed. If true, the content will be replaced with "#".

Parameters:

block - the new value

setHeaderValue

public void setHeaderValue(XXssProtectionHeaderWriter.HeaderValue headerValue)

Sets the value of the X-XSS-PROTECTION header.

If XXssProtectionHeaderWriter.HeaderValue.DISABLED, will specify that X-XSS-Protection is disabled. For example:

 X-XSS-Protection: 0
 

If XXssProtectionHeaderWriter.HeaderValue.ENABLED, will contain a value of 1, but will not specify the mode as blocked. In this instance, any content will be attempted to be fixed. For example:

 X-XSS-Protection: 1
 

If XXssProtectionHeaderWriter.HeaderValue.ENABLED_MODE_BLOCK, will contain a value of 1 and will specify mode as blocked. The content will be replaced with "#". For example:

 X-XSS-Protection: 1; mode=block
 

Parameters:

headerValue - the new header value

Throws:

IllegalArgumentException - when headerValue is null

Since:

5.8

toString

public String toString()

Overrides:

toString in class Object