SecurityHeadersFilter

play.filters.headers.SecurityHeadersFilter
See the SecurityHeadersFilter companion class

This class sets a number of common security headers on the HTTP request.

NOTE: Because these are security headers, they are "secure by default." If the filter is applied, but these fields are NOT defined in Configuration, the defaults on the filter are NOT omitted, but are instead set to the strictest possible value.

  • play.filters.headers.frameOptions - sets frameOptions. Some("DENY") by default.

  • play.filters.headers.xssProtection - sets xssProtection. Some("1; mode=block") by default.

  • play.filters.headers.contentTypeOptions - sets contentTypeOptions. Some("nosniff") by default.

  • play.filters.headers.permittedCrossDomainPolicies - sets permittedCrossDomainPolicies. Some("master-only") by default.

  • play.filters.headers.contentSecurityPolicy - sets contentSecurityPolicy. Some("default-src 'self'") by default.

  • play.filters.headers.referrerPolicy - sets referrerPolicy. Some("origin-when-cross-origin, strict-origin-when-cross-origin") by default.

  • play.filters.headers.allowActionSpecificHeaders - sets whether .withHeaders may be used to provide page-specific overrides. False by default.
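An application.conf fragment showing how these keys are set, as an added example that is not part of the Play documentation. The play.filters.enabled registration line is an assumption taken from newer Play releases and is not described on this page; cdn.example.com is a constructed placeholder.

```hocon
# application.conf (added example, not from the Play documentation)

# Assumption: the filter is registered through play.filters.enabled,
# as in newer Play releases; this page does not show how the filter
# is wired in.
play.filters.enabled += "play.filters.headers.SecurityHeadersFilter"

play.filters.headers {
  # Any key left out keeps the strict default listed above, e.g.
  # xssProtection = "1; mode=block", contentTypeOptions = "nosniff",
  # permittedCrossDomainPolicies = "master-only".

  # Loosen framing only as far as the application needs: same-origin
  # embedding instead of the default DENY.
  frameOptions = "SAMEORIGIN"

  # Extend the default "default-src 'self'" with one named script
  # origin rather than replacing the policy with a permissive one.
  # cdn.example.com is a constructed placeholder.
  contentSecurityPolicy = "default-src 'self'; script-src 'self' https://cdn.example.com"

  # Restate the default referrer policy explicitly so a later edit
  # cannot drop it without the change being visible in review.
  referrerPolicy = "origin-when-cross-origin, strict-origin-when-cross-origin"

  # Leave per-action overrides disabled (the default) unless an action
  # must send its own headers; enabling it moves the decision into code.
  allowActionSpecificHeaders = false
}
```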

Supertypes
class Object
trait Matchable
class Any
Members list

Value members

Concrete methods

Convenience method for creating a SecurityHeadersFilter that reads settings from application.conf. Generally speaking, you'll want to use this or the apply(SecurityHeadersConfig) method.

Attributes

Returns

a configured SecurityHeadersFilter.

Convenience method for creating a filter using play.api.Configuration. Good for testing.

Value parameters

config

a configuration object that may contain string settings.

Attributes

Returns

a configured SecurityHeadersFilter.