case class SecurityHeadersConfig(frameOptions: Option[String] = Some("DENY"), xssProtection: Option[String] = Some("1; mode=block"), contentTypeOptions: Option[String] = Some("nosniff"), permittedCrossDomainPolicies: Option[String] = Some("master-only"), contentSecurityPolicy: Option[String] = None, referrerPolicy: Option[String] = ..., allowActionSpecificHeaders: Boolean = false) extends Product with Serializable
A type safe configuration object for setting security headers.
- frameOptions
"X-Frame-Options":
- xssProtection
"X-XSS-Protection":
- contentTypeOptions
"X-Content-Type-Options"
- permittedCrossDomainPolicies
"X-Permitted-Cross-Domain-Policies"
- contentSecurityPolicy
"Content-Security-Policy" - this is deprecated in favor of the dedicated CSPFilter.
- referrerPolicy
"Referrer-Policy"
- allowActionSpecificHeaders
Allows specific headers
Linear Supertypes
Ordering
- Alphabetic
- By Inheritance
Inherited
- SecurityHeadersConfig
- Serializable
- Serializable
- Product
- Equals
- AnyRef
- Any
- Hide All
- Show All
Visibility
- Public
- All
Instance Constructors
- new SecurityHeadersConfig()
-
new
SecurityHeadersConfig(frameOptions: Option[String] = Some("DENY"), xssProtection: Option[String] = Some("1; mode=block"), contentTypeOptions: Option[String] = Some("nosniff"), permittedCrossDomainPolicies: Option[String] = Some("master-only"), contentSecurityPolicy: Option[String] = None, referrerPolicy: Option[String] = ..., allowActionSpecificHeaders: Boolean = false)
- frameOptions
"X-Frame-Options":
- xssProtection
"X-XSS-Protection":
- contentTypeOptions
"X-Content-Type-Options"
- permittedCrossDomainPolicies
"X-Permitted-Cross-Domain-Policies"
- contentSecurityPolicy
"Content-Security-Policy" - this is deprecated in favor of the dedicated CSPFilter.
- referrerPolicy
"Referrer-Policy"
- allowActionSpecificHeaders
Allows specific headers
Value Members
-
final
def
!=(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
-
final
def
##(): Int
- Definition Classes
- AnyRef → Any
-
final
def
==(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
- val allowActionSpecificHeaders: Boolean
-
final
def
asInstanceOf[T0]: T0
- Definition Classes
- Any
-
def
clone(): AnyRef
- Attributes
- protected[java.lang]
- Definition Classes
- AnyRef
- Annotations
- @native() @throws( ... )
- val contentTypeOptions: Option[String]
-
final
def
eq(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
-
def
finalize(): Unit
- Attributes
- protected[java.lang]
- Definition Classes
- AnyRef
- Annotations
- @throws( classOf[java.lang.Throwable] )
- val frameOptions: Option[String]
-
final
def
getClass(): Class[_]
- Definition Classes
- AnyRef → Any
- Annotations
- @native()
-
final
def
isInstanceOf[T0]: Boolean
- Definition Classes
- Any
-
final
def
ne(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
-
final
def
notify(): Unit
- Definition Classes
- AnyRef
- Annotations
- @native()
-
final
def
notifyAll(): Unit
- Definition Classes
- AnyRef
- Annotations
- @native()
- val permittedCrossDomainPolicies: Option[String]
- val referrerPolicy: Option[String]
-
final
def
synchronized[T0](arg0: ⇒ T0): T0
- Definition Classes
- AnyRef
-
final
def
wait(): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws( ... )
-
final
def
wait(arg0: Long, arg1: Int): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws( ... )
-
final
def
wait(arg0: Long): Unit
- Definition Classes
- AnyRef
- Annotations
- @native() @throws( ... )
- def withContentTypeOptions(contentTypeOptions: Optional[String]): SecurityHeadersConfig
- def withFrameOptions(frameOptions: Optional[String]): SecurityHeadersConfig
- def withPermittedCrossDomainPolicies(permittedCrossDomainPolicies: Optional[String]): SecurityHeadersConfig
- def withReferrerPolicy(referrerPolicy: Optional[String]): SecurityHeadersConfig
- def withXssProtection(xssProtection: Optional[String]): SecurityHeadersConfig
- val xssProtection: Option[String]
Deprecated Value Members
-
val
contentSecurityPolicy: Option[String]
- Annotations
- @deprecated
- Deprecated
(Since version 2.7.0) Please use play.filters.csp.CSPFilter
-
def
withContentSecurityPolicy(contentSecurityPolicy: Optional[String]): SecurityHeadersConfig
- Annotations
- @deprecated
- Deprecated
(Since version 2.7.0) Please use play.filters.csp.CSPFilter