Interface AllowFromStrategy
- All Known Implementing Classes:
AbstractRequestParameterAllowFromStrategy
,RegExpAllowFromStrategy
,StaticAllowFromStrategy
,WhiteListedAllowFromStrategy
Deprecated.
ALLOW-FROM is an obsolete directive that no longer works in modern
browsers. Instead use Content-Security-Policy with the frame-ancestors
directive.
Strategy interfaces used by the
FrameOptionsHeaderWriter
to determine the
actual value to use for the X-Frame-Options header when using the ALLOW-FROM directive.- Since:
- 3.2
-
Method Summary
Modifier and TypeMethodDescriptiongetAllowFromValue
(jakarta.servlet.http.HttpServletRequest request) Deprecated.Gets the value for ALLOW-FROM excluding the ALLOW-FROM.
-
Method Details
-
getAllowFromValue
Deprecated.Gets the value for ALLOW-FROM excluding the ALLOW-FROM. For example, the result might be "https://example.com/".- Parameters:
request
- theHttpServletRequest
- Returns:
- the value for ALLOW-FROM or null if no header should be added for this request.
-