Class HeadersConfigurer.FrameOptionsConfig

java.lang.Object
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.FrameOptionsConfig
Enclosing class:
HeadersConfigurer<H extends HttpSecurityBuilder<H>>

public final class HeadersConfigurer.FrameOptionsConfig extends Object
  • Method Details

    • deny

      public HeadersConfigurer<H> deny()
      Specify to DENY framing any content from this application.
      Returns:
      the HeadersConfigurer for additional customization.
    • sameOrigin

      public HeadersConfigurer<H> sameOrigin()

      Specify to allow any request that comes from the same origin to frame this application. For example, if the application was hosted on example.com, then example.com could frame the application, but evil.com could not frame the application.

      Returns:
      the HeadersConfigurer for additional customization.
    • disable

      public HeadersConfigurer<H> disable()
      Prevents the header from being added to the response.
      Returns:
      the HeadersConfigurer for additional configuration.
    • and

      @Deprecated(since="6.1", forRemoval=true) public HeadersConfigurer<H> and()
      Deprecated, for removal: This API element is subject to removal in a future version.
      For removal in 7.0. Use HeadersConfigurer.frameOptions(Customizer) or frameOptions(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
      Allows continuing customizing the headers configuration.
      Returns:
      the HeadersConfigurer for additional configuration