Class XFrameOptionsHeaderWriter
java.lang.Object
org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter
- All Implemented Interfaces:
HeaderWriter
HeaderWriter
implementation for the X-Frame-Options headers. When using the
ALLOW-FROM directive the actual value is determined by a AllowFromStrategy
.- Since:
- 3.2
- See Also:
-
Nested Class Summary
Modifier and TypeClassDescriptionstatic enum
The possible values for the X-Frame-Options header. -
Field Summary
-
Constructor Summary
ConstructorDescriptionCreates an instance withXFrameOptionsHeaderWriter.XFrameOptionsMode.DENY
XFrameOptionsHeaderWriter
(AllowFromStrategy allowFromStrategy) Deprecated.ALLOW-FROM is an obsolete directive that no longer works in modern browsers.XFrameOptionsHeaderWriter
(XFrameOptionsHeaderWriter.XFrameOptionsMode frameOptionsMode) Creates a new instance -
Method Summary
Modifier and TypeMethodDescriptionvoid
writeHeaders
(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) Writes the X-Frame-Options header value, overwritting any previous value.
-
Field Details
-
XFRAME_OPTIONS_HEADER
- See Also:
-
-
Constructor Details
-
XFrameOptionsHeaderWriter
public XFrameOptionsHeaderWriter()Creates an instance withXFrameOptionsHeaderWriter.XFrameOptionsMode.DENY
-
XFrameOptionsHeaderWriter
Creates a new instance- Parameters:
frameOptionsMode
- theXFrameOptionsHeaderWriter.XFrameOptionsMode
to use. If usingXFrameOptionsHeaderWriter.XFrameOptionsMode.ALLOW_FROM
, useXFrameOptionsHeaderWriter(AllowFromStrategy)
instead.
-
XFrameOptionsHeaderWriter
Deprecated.ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.Creates a new instance withXFrameOptionsHeaderWriter.XFrameOptionsMode.ALLOW_FROM
.- Parameters:
allowFromStrategy
- the strategy for determining what the value for ALLOW_FROM is.
-
-
Method Details
-
writeHeaders
public void writeHeaders(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) Writes the X-Frame-Options header value, overwritting any previous value.- Specified by:
writeHeaders
in interfaceHeaderWriter
- Parameters:
request
- the servlet requestresponse
- the servlet response
-