Package org.springframework.security.config.web.server

Class ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec

java.lang.Object

org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec

Enclosing class:

ServerHttpSecurity.HeaderSpec

public final class ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec
extends Object

Configures Content-Security-Policy response header.

Since:

5.1

See Also:

• #contentSecurityPolicy(String)

Method Summary

Modifier and Type	Method	Description
ServerHttpSecurity.HeaderSpec	policyDirectives(String policyDirectives)	Sets the security policy directive(s) to be used in the response header.
ServerHttpSecurity.HeaderSpec	reportOnly(boolean reportOnly)	Whether to include the Content-Security-Policy-Report-Only header in the response.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

reportOnly

public ServerHttpSecurity.HeaderSpec reportOnly(boolean reportOnly)

Whether to include the Content-Security-Policy-Report-Only header in the response. Otherwise, defaults to the Content-Security-Policy header.

Parameters:

reportOnly - whether to only report policy violations

Returns:

the ServerHttpSecurity.HeaderSpec to continue configuring

policyDirectives

public ServerHttpSecurity.HeaderSpec policyDirectives(String policyDirectives)

Sets the security policy directive(s) to be used in the response header.

Parameters:

policyDirectives - the security policy directive(s)

Returns:

the ServerHttpSecurity.HeaderSpec to continue configuring