java.lang.Object
- org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.XXssConfig

Enclosing class:: HeadersConfigurer<H extends HttpSecurityBuilder<H>>

public final class HeadersConfigurer.XXssConfig
extends java.lang.Object

Method Summary

All Methods Instance Methods Concrete Methods Deprecated Methods
Modifier and Type	Method	Description
`HeadersConfigurer<H>`	`and()`	Allows completing configuration of X-XSS-Protection and continuing configuration of headers.
`HeadersConfigurer.XXssConfig`	`block(boolean enabled)`	Deprecated. use `headerValue(XXssProtectionHeaderWriter.HeaderValue)` instead
`HeadersConfigurer<H>`	`disable()`	Disables X-XSS-Protection header (does not include it)
`HeadersConfigurer.XXssConfig`	`headerValue(org.springframework.security.web.header.writers.XXssProtectionHeaderWriter.HeaderValue headerValue)`	Sets the value of the X-XSS-PROTECTION header.
`HeadersConfigurer.XXssConfig`	`xssProtectionEnabled(boolean enabled)`	Deprecated. use `headerValue(XXssProtectionHeaderWriter.HeaderValue)` instead

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Method Detail
  - block
```
@Deprecated
public HeadersConfigurer.XXssConfig block(boolean enabled)
```
    Deprecated.
    use headerValue(XXssProtectionHeaderWriter.HeaderValue) instead
    
    If false, will not specify the mode as blocked. In this instance, any content will be attempted to be fixed. If true, the content will be replaced with "#".
    
    Parameters:
    
    enabled - the new value
  - xssProtectionEnabled
```
@Deprecated
public HeadersConfigurer.XXssConfig xssProtectionEnabled(boolean enabled)
```
    Deprecated.
    use headerValue(XXssProtectionHeaderWriter.HeaderValue) instead
    If true, the header value will contain a value of 1. For example:
    X-XSS-Protection: 1
    or if XXssProtectionHeaderWriter.setBlock(boolean) of the given XXssProtectionHeaderWriter is true
    X-XSS-Protection: 1; mode=block
    If false, will explicitly disable specify that X-XSS-Protection is disabled. For example:
    X-XSS-Protection: 0
    Parameters:
    
    enabled - the new value
  - headerValue
```
public HeadersConfigurer.XXssConfig headerValue(org.springframework.security.web.header.writers.XXssProtectionHeaderWriter.HeaderValue headerValue)
```
    Sets the value of the X-XSS-PROTECTION header. OWASP recommends using XXssProtectionHeaderWriter.HeaderValue.DISABLED. If XXssProtectionHeaderWriter.HeaderValue.DISABLED, will specify that X-XSS-Protection is disabled. For example:
    X-XSS-Protection: 0
    If XXssProtectionHeaderWriter.HeaderValue.ENABLED, will contain a value of 1, but will not specify the mode as blocked. In this instance, any content will be attempted to be fixed. For example:
    X-XSS-Protection: 1
    If XXssProtectionHeaderWriter.HeaderValue.ENABLED_MODE_BLOCK, will contain a value of 1 and will specify mode as blocked. The content will be replaced with "#". For example:
    X-XSS-Protection: 1 ; mode=block
    Parameters:
    
    headerValue - the new header value
    
    Since:
    
    5.8
  - disable
```
public HeadersConfigurer<H> disable()
```
    Disables X-XSS-Protection header (does not include it)
    
    Returns:
    
    the HeadersConfigurer for additional configuration
  - and
```
public HeadersConfigurer<H> and()
```
    Allows completing configuration of X-XSS-Protection and continuing configuration of headers.
    
    Returns:
    
    the HeadersConfigurer for additional configuration

Class HeadersConfigurer.XXssConfig

Method Summary

Methods inherited from class java.lang.Object

Method Detail

block

xssProtectionEnabled

headerValue

disable

and