This class sets a number of common security headers on the HTTP request.
NOTE: Because these are security headers, they are "secure by default." If the filter is applied, but these fields are NOT defined in Configuration, the defaults on the filter are NOT omitted, but are instead set to the strictest possible value.
-
{{play.filters.headers.frameOptions}} - sets frameOptions. Some("DENY") by default.
-
{{play.filters.headers.xssProtection}} - sets xssProtection. Some("1; mode=block") by default.
-
{{play.filters.headers.contentTypeOptions}} - sets contentTypeOptions. Some("nosniff") by default.
-
{{play.filters.headers.permittedCrossDomainPolicies}} - sets permittedCrossDomainPolicies. Some("master-only") by default.
-
{{play.filters.headers.contentSecurityPolicy}} - sets contentSecurityPolicy. Some("default-src 'self'") by default.
-
{{play.filters.headers.referrerPolicy}} - sets referrerPolicy. Some("origin-when-cross-origin, strict-origin-when-cross-origin") by default.
-
{{play.filters.headers.allowActionSpecificHeaders}} - sets whether .withHeaders may be used to provide page-specific overrides. False by default.
Attributes
- See also
- Companion
- class
- Graph
-
- Supertypes
-
class Objecttrait Matchableclass Any
- Self type