Class HttpHeadersRequestProperties
java.lang.Object
org.apereo.cas.configuration.model.core.web.security.HttpHeadersRequestProperties
- All Implemented Interfaces:
Serializable
@RequiresModule(name="cas-server-core-web",
automated=true)
public class HttpHeadersRequestProperties
extends Object
implements Serializable
This is
HttpHeadersRequestProperties.- Since:
- 5.3.0
- See Also:
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionFiles with these extensions are considered static, so they will be cached by browsers.Helps you reduce XSS risks on modern browsers by declaring what dynamic resources are allowed to load via a HTTP Header.Control the value of theStrict-Transport-Securityheader.Will inject values into theX-Frame-Optionsheader into the response.Will inject values into theX-XSS-Protectionheader into the response.booleanisCache()When true, will inject the following headers into the response for non-static resources.booleanAllow CAS to inject and enforce http security headers via an http filter that are outlined here for caching, HSTS, etc.booleanisHsts()When true, will inject the following headers into the response:Strict-Transport-Security: ....booleanWhen true, will inject the following headers into the response:X-Content-Type-Options: nosniff.booleanisXframe()When true, will inject the following headers into the response:X-Frame-Options: DENY.booleanisXss()When true, will inject the following headers into the response:X-XSS-Protection: 1; mode=block.setCache(boolean cache) When true, will inject the following headers into the response for non-static resources.setCacheControlStaticResources(String cacheControlStaticResources) Files with these extensions are considered static, so they will be cached by browsers.setContentSecurityPolicy(String contentSecurityPolicy) Helps you reduce XSS risks on modern browsers by declaring what dynamic resources are allowed to load via a HTTP Header.setEnabled(boolean enabled) Allow CAS to inject and enforce http security headers via an http filter that are outlined here for caching, HSTS, etc.setHsts(boolean hsts) When true, will inject the following headers into the response:Strict-Transport-Security: ....setHstsOptions(String hstsOptions) Control the value of theStrict-Transport-Securityheader.setXcontent(boolean xcontent) When true, will inject the following headers into the response:X-Content-Type-Options: nosniff.setXframe(boolean xframe) When true, will inject the following headers into the response:X-Frame-Options: DENY.setXframeOptions(String xframeOptions) Will inject values into theX-Frame-Optionsheader into the response.setXss(boolean xss) When true, will inject the following headers into the response:X-XSS-Protection: 1; mode=block.setXssOptions(String xssOptions) Will inject values into theX-XSS-Protectionheader into the response.
-
Constructor Details
-
HttpHeadersRequestProperties
public HttpHeadersRequestProperties()
-
-
Method Details
-
isEnabled
public boolean isEnabled()Allow CAS to inject and enforce http security headers via an http filter that are outlined here for caching, HSTS, etc. -
isCache
public boolean isCache()When true, will inject the following headers into the response for non-static resources. <pre> Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: 0 </pre> -
isHsts
public boolean isHsts()When true, will inject the following headers into the response:Strict-Transport-Security: .... -
isXframe
public boolean isXframe()When true, will inject the following headers into the response:X-Frame-Options: DENY. -
isXcontent
public boolean isXcontent()When true, will inject the following headers into the response:X-Content-Type-Options: nosniff. -
isXss
public boolean isXss()When true, will inject the following headers into the response:X-XSS-Protection: 1; mode=block. -
getXframeOptions
Will inject values into theX-Frame-Optionsheader into the response. -
getXssOptions
Will inject values into theX-XSS-Protectionheader into the response. -
getHstsOptions
Control the value of theStrict-Transport-Securityheader. -
getContentSecurityPolicy
Helps you reduce XSS risks on modern browsers by declaring what dynamic resources are allowed to load via a HTTP Header. Header value is made up of one or more directives. Multiple directives are separated with a semicolon. -
getCacheControlStaticResources
Files with these extensions are considered static, so they will be cached by browsers. The value is part of a RegEx. -
setEnabled
Allow CAS to inject and enforce http security headers via an http filter that are outlined here for caching, HSTS, etc.- Returns:
this.
-
setCache
When true, will inject the following headers into the response for non-static resources. <pre> Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: 0 </pre>- Returns:
this.
-
setHsts
When true, will inject the following headers into the response:Strict-Transport-Security: ....- Returns:
this.
-
setXframe
When true, will inject the following headers into the response:X-Frame-Options: DENY.- Returns:
this.
-
setXcontent
When true, will inject the following headers into the response:X-Content-Type-Options: nosniff.- Returns:
this.
-
setXss
When true, will inject the following headers into the response:X-XSS-Protection: 1; mode=block.- Returns:
this.
-
setXframeOptions
Will inject values into theX-Frame-Optionsheader into the response.- Returns:
this.
-
setXssOptions
Will inject values into theX-XSS-Protectionheader into the response.- Returns:
this.
-
setHstsOptions
Control the value of theStrict-Transport-Securityheader.- Returns:
this.
-
setContentSecurityPolicy
Helps you reduce XSS risks on modern browsers by declaring what dynamic resources are allowed to load via a HTTP Header. Header value is made up of one or more directives. Multiple directives are separated with a semicolon.- Returns:
this.
-
setCacheControlStaticResources
public HttpHeadersRequestProperties setCacheControlStaticResources(String cacheControlStaticResources) Files with these extensions are considered static, so they will be cached by browsers. The value is part of a RegEx.- Returns:
this.
-