Class AbstractRequestParameterAllowFromStrategy
java.lang.Object
org.springframework.security.web.header.writers.frameoptions.AbstractRequestParameterAllowFromStrategy
- All Implemented Interfaces:
AllowFromStrategy
- Direct Known Subclasses:
RegExpAllowFromStrategy
,WhiteListedAllowFromStrategy
@Deprecated
public abstract class AbstractRequestParameterAllowFromStrategy
extends Object
implements AllowFromStrategy
Deprecated.
ALLOW-FROM is an obsolete directive that no longer works in modern
browsers. Instead use Content-Security-Policy with the frame-ancestors
directive.
Base class for AllowFromStrategy implementations which use a request parameter to
retrieve the origin. By default the parameter named
x-frames-allow-from
is
read from the request.- Since:
- 3.2
-
Field Summary
Modifier and TypeFieldDescriptionprotected final org.apache.commons.logging.Log
Deprecated.Logger for use by subclasses -
Method Summary
Modifier and TypeMethodDescriptionprotected abstract boolean
Deprecated.Method to be implemented by base classes, used to determine if the supplied origin is allowed.getAllowFromValue
(jakarta.servlet.http.HttpServletRequest request) Deprecated.Gets the value for ALLOW-FROM excluding the ALLOW-FROM.void
setAllowFromParameterName
(String allowFromParameterName) Deprecated.Sets the HTTP parameter used to retrieve the value for the origin that is allowed from.
-
Field Details
-
log
protected final org.apache.commons.logging.Log logDeprecated.Logger for use by subclasses
-
-
Method Details
-
getAllowFromValue
Deprecated.Description copied from interface:AllowFromStrategy
Gets the value for ALLOW-FROM excluding the ALLOW-FROM. For example, the result might be "https://example.com/".- Specified by:
getAllowFromValue
in interfaceAllowFromStrategy
- Parameters:
request
- theHttpServletRequest
- Returns:
- the value for ALLOW-FROM or null if no header should be added for this request.
-
setAllowFromParameterName
Deprecated.Sets the HTTP parameter used to retrieve the value for the origin that is allowed from. The value of the parameter should be a valid URL. The default parameter name is "x-frames-allow-from".- Parameters:
allowFromParameterName
- the name of the HTTP parameter to
-
allowed
Deprecated.Method to be implemented by base classes, used to determine if the supplied origin is allowed.- Parameters:
allowFromOrigin
- the supplied origin- Returns:
true
if the supplied origin is allowed.
-