Package org.springframework.security.config.web.server

Class ServerHttpSecurity.HeaderSpec.XssProtectionSpec

java.lang.Object

org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.XssProtectionSpec

Enclosing class:

ServerHttpSecurity.HeaderSpec

public final class ServerHttpSecurity.HeaderSpec.XssProtectionSpec
extends Object

Configures x-xss-protection response header

See Also:

• ServerHttpSecurity.HeaderSpec.xssProtection()

Method Summary

Modifier and Type	Method	Description
ServerHttpSecurity.HeaderSpec	disable()	Disables the x-xss-protection response header
ServerHttpSecurity.HeaderSpec	headerValue(org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter.HeaderValue headerValue)	Sets the value of x-xss-protection header.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

disable

public ServerHttpSecurity.HeaderSpec disable()

Disables the x-xss-protection response header

Returns:

the ServerHttpSecurity.HeaderSpec to continue configuring

headerValue

public ServerHttpSecurity.HeaderSpec headerValue(org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter.HeaderValue headerValue)

Sets the value of x-xss-protection header. OWASP recommends using XXssProtectionServerHttpHeadersWriter.HeaderValue.DISABLED.

Parameters:

headerValue - the headerValue

Returns:

the ServerHttpSecurity.HeaderSpec to continue configuring

Since:

5.8