Class StaticAllowFromStrategy

java.lang.Object
org.springframework.security.web.header.writers.frameoptions.StaticAllowFromStrategy
All Implemented Interfaces:
AllowFromStrategy

@Deprecated public final class StaticAllowFromStrategy extends Object implements AllowFromStrategy
Deprecated.
ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
Simple implementation of the AllowFromStrategy
  • Constructor Details

    • StaticAllowFromStrategy

      public StaticAllowFromStrategy(URI uri)
      Deprecated.
  • Method Details

    • getAllowFromValue

      public String getAllowFromValue(jakarta.servlet.http.HttpServletRequest request)
      Deprecated.
      Description copied from interface: AllowFromStrategy
      Gets the value for ALLOW-FROM excluding the ALLOW-FROM. For example, the result might be "https://example.com/".
      Specified by:
      getAllowFromValue in interface AllowFromStrategy
      Parameters:
      request - the HttpServletRequest
      Returns:
      the value for ALLOW-FROM or null if no header should be added for this request.