Class RegExpAllowFromStrategy
java.lang.Object
org.springframework.security.web.header.writers.frameoptions.AbstractRequestParameterAllowFromStrategy
org.springframework.security.web.header.writers.frameoptions.RegExpAllowFromStrategy
- All Implemented Interfaces:
AllowFromStrategy
@Deprecated
public final class RegExpAllowFromStrategy
extends AbstractRequestParameterAllowFromStrategy
Deprecated.
ALLOW-FROM is an obsolete directive that no longer works in modern
browsers. Instead use Content-Security-Policy with the frame-ancestors
directive.
Implementation which uses a regular expression to validate the supplied origin. If the
value of the HTTP parameter matches the pattern, then the result will be ALLOW-FROM
<paramter-value>.
- Since:
- 3.2
-
Field Summary
Fields inherited from class org.springframework.security.web.header.writers.frameoptions.AbstractRequestParameterAllowFromStrategy
log
-
Constructor Summary
-
Method Summary
Methods inherited from class org.springframework.security.web.header.writers.frameoptions.AbstractRequestParameterAllowFromStrategy
getAllowFromValue, setAllowFromParameterName
-
Constructor Details
-
RegExpAllowFromStrategy
Deprecated.Creates a new instance- Parameters:
pattern
- the Pattern to compare against the HTTP parameter value. If the pattern matches, the domain will be allowed, else denied.
-
-
Method Details
-
allowed
Deprecated.Description copied from class:AbstractRequestParameterAllowFromStrategy
Method to be implemented by base classes, used to determine if the supplied origin is allowed.- Specified by:
allowed
in classAbstractRequestParameterAllowFromStrategy
- Parameters:
allowFromOrigin
- the supplied origin- Returns:
true
if the supplied origin is allowed.
-