Packages

object SecurityHeadersFilter

This class sets a number of common security headers on the HTTP request.

NOTE: Because these are security headers, they are "secure by default." If the filter is applied, but these fields are NOT defined in Configuration, the defaults on the filter are NOT omitted, but are instead set to the strictest possible value.

  • {{play.filters.headers.frameOptions}} - sets frameOptions. Some("DENY") by default.
  • {{play.filters.headers.xssProtection}} - sets xssProtection. Some("1; mode=block") by default.
  • {{play.filters.headers.contentTypeOptions}} - sets contentTypeOptions. Some("nosniff") by default.
  • {{play.filters.headers.permittedCrossDomainPolicies}} - sets permittedCrossDomainPolicies. Some("master-only") by default.
  • {{play.filters.headers.contentSecurityPolicy}} - sets contentSecurityPolicy. Some("default-src 'self'") by default.
  • {{play.filters.headers.referrerPolicy}} - sets referrerPolicy. Some("origin-when-cross-origin, strict-origin-when-cross-origin") by default.
  • {{play.filters.headers.allowActionSpecificHeaders}} - sets whether .withHeaders may be used to provide page-specific overrides. False by default.
Source
SecurityHeadersFilter.scala
See also

Referrer Policy

Cross Domain Policy File Specification

X-XSS-Protection

X-Content-Type-Options

X-Frame-Options

Linear Supertypes
AnyRef, Any
Ordering
  1. Alphabetic
  2. By Inheritance
Inherited
  1. SecurityHeadersFilter
  2. AnyRef
  3. Any
  1. Hide All
  2. Show All
Visibility
  1. Public
  2. All

Value Members

  1. final def !=(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  2. final def ##(): Int
    Definition Classes
    AnyRef → Any
  3. final def ==(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  4. val CONTENT_SECURITY_POLICY_HEADER: String
  5. val REFERRER_POLICY: String
  6. val X_CONTENT_TYPE_OPTIONS_HEADER: String
  7. val X_FRAME_OPTIONS_HEADER: String
  8. val X_PERMITTED_CROSS_DOMAIN_POLICIES_HEADER: String
  9. val X_XSS_PROTECTION_HEADER: String
  10. def apply(config: Configuration): SecurityHeadersFilter

    Convenience method for creating a filter using play.api.Configuration.

    Convenience method for creating a filter using play.api.Configuration. Good for testing.

    config

    a configuration object that may contain string settings.

    returns

    a configured SecurityHeadersFilter.

  11. def apply(config: SecurityHeadersConfig = SecurityHeadersConfig()): SecurityHeadersFilter

    Convenience method for creating a SecurityHeadersFilter that reads settings from application.conf.

    Convenience method for creating a SecurityHeadersFilter that reads settings from application.conf. Generally speaking, you'll want to use this or the apply(SecurityHeadersConfig) method.

    returns

    a configured SecurityHeadersFilter.

  12. final def asInstanceOf[T0]: T0
    Definition Classes
    Any
  13. def clone(): AnyRef
    Attributes
    protected[java.lang]
    Definition Classes
    AnyRef
    Annotations
    @native() @throws( ... )
  14. final def eq(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  15. def equals(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  16. def finalize(): Unit
    Attributes
    protected[java.lang]
    Definition Classes
    AnyRef
    Annotations
    @throws( classOf[java.lang.Throwable] )
  17. final def getClass(): Class[_]
    Definition Classes
    AnyRef → Any
    Annotations
    @native()
  18. def hashCode(): Int
    Definition Classes
    AnyRef → Any
    Annotations
    @native()
  19. final def isInstanceOf[T0]: Boolean
    Definition Classes
    Any
  20. final def ne(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  21. final def notify(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native()
  22. final def notifyAll(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native()
  23. final def synchronized[T0](arg0: ⇒ T0): T0
    Definition Classes
    AnyRef
  24. def toString(): String
    Definition Classes
    AnyRef → Any
  25. final def wait(): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
  26. final def wait(arg0: Long, arg1: Int): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
  27. final def wait(arg0: Long): Unit
    Definition Classes
    AnyRef
    Annotations
    @native() @throws( ... )

Inherited from AnyRef

Inherited from Any

Ungrouped