All Known Implementing Classes:
AbstractRequestParameterAllowFromStrategy, RegExpAllowFromStrategy, StaticAllowFromStrategy, WhiteListedAllowFromStrategy

@Deprecated public interface AllowFromStrategy
Deprecated.
ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
Strategy interfaces used by the FrameOptionsHeaderWriter to determine the actual value to use for the X-Frame-Options header when using the ALLOW-FROM directive.
Since:
3.2
  • Method Summary

    Modifier and Type
    Method
    Description
    getAllowFromValue(jakarta.servlet.http.HttpServletRequest request)
    Deprecated.
    Gets the value for ALLOW-FROM excluding the ALLOW-FROM.
  • Method Details

    • getAllowFromValue

      String getAllowFromValue(jakarta.servlet.http.HttpServletRequest request)
      Deprecated.
      Gets the value for ALLOW-FROM excluding the ALLOW-FROM. For example, the result might be "https://example.com/".
      Parameters:
      request - the HttpServletRequest
      Returns:
      the value for ALLOW-FROM or null if no header should be added for this request.