Class ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec
java.lang.Object
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec
- Enclosing class:
- ServerHttpSecurity.HeaderSpec
Configures
Content-Security-Policy response header.- Since:
- 5.1
- See Also:
-
Method Summary
Modifier and TypeMethodDescriptionand()Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0.policyDirectives(String policyDirectives) Sets the security policy directive(s) to be used in the response header.reportOnly(boolean reportOnly) Whether to include theContent-Security-Policy-Report-Onlyheader in the response.
-
Method Details
-
reportOnly
Whether to include theContent-Security-Policy-Report-Onlyheader in the response. Otherwise, defaults to theContent-Security-Policyheader.- Parameters:
reportOnly- whether to only report policy violations- Returns:
- the
ServerHttpSecurity.HeaderSpecto continue configuring
-
policyDirectives
Sets the security policy directive(s) to be used in the response header.- Parameters:
policyDirectives- the security policy directive(s)- Returns:
- the
ServerHttpSecurity.HeaderSpecto continue configuring
-
and
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. UseServerHttpSecurity.HeaderSpec.contentSecurityPolicy(Customizer)insteadAllows method chaining to continue configuring theServerHttpSecurity.- Returns:
- the
ServerHttpSecurity.HeaderSpecto continue configuring
-