Class RegExpAllowFromStrategy

java.lang.Object
org.springframework.security.web.header.writers.frameoptions.AbstractRequestParameterAllowFromStrategy
org.springframework.security.web.header.writers.frameoptions.RegExpAllowFromStrategy
All Implemented Interfaces:
AllowFromStrategy

@Deprecated public final class RegExpAllowFromStrategy extends AbstractRequestParameterAllowFromStrategy
Deprecated.
ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
Implementation which uses a regular expression to validate the supplied origin. If the value of the HTTP parameter matches the pattern, then the result will be ALLOW-FROM <paramter-value>.
Since:
3.2
  • Constructor Details

    • RegExpAllowFromStrategy

      public RegExpAllowFromStrategy(String pattern)
      Deprecated.
      Creates a new instance
      Parameters:
      pattern - the Pattern to compare against the HTTP parameter value. If the pattern matches, the domain will be allowed, else denied.
  • Method Details