object SecurityHeadersFilter
This class sets a number of common security headers on the HTTP request.
NOTE: Because these are security headers, they are "secure by default." If the filter is applied, but these fields are NOT defined in Configuration, the defaults on the filter are NOT omitted, but are instead set to the strictest possible value.
- {{play.filters.headers.frameOptions}} - sets frameOptions. Some("DENY") by default.
- {{play.filters.headers.xssProtection}} - sets xssProtection. Some("1; mode=block") by default.
- {{play.filters.headers.contentTypeOptions}} - sets contentTypeOptions. Some("nosniff") by default.
- {{play.filters.headers.permittedCrossDomainPolicies}} - sets permittedCrossDomainPolicies. Some("master-only") by default.
- {{play.filters.headers.contentSecurityPolicy}} - sets contentSecurityPolicy. Some("default-src 'self'") by default.
- {{play.filters.headers.referrerPolicy}} - sets referrerPolicy. Some("origin-when-cross-origin, strict-origin-when-cross-origin") by default.
- {{play.filters.headers.allowActionSpecificHeaders}} - sets whether .withHeaders may be used to provide page-specific overrides. False by default.
- Source
- SecurityHeadersFilter.scala
- See also
- Alphabetic
- By Inheritance
- SecurityHeadersFilter
- AnyRef
- Any
- Hide All
- Show All
- Public
- All
Value Members
-
final
def
!=(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
-
final
def
##(): Int
- Definition Classes
- AnyRef → Any
-
final
def
==(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
- val CONTENT_SECURITY_POLICY_HEADER: String
- val REFERRER_POLICY: String
- val X_CONTENT_TYPE_OPTIONS_HEADER: String
- val X_FRAME_OPTIONS_HEADER: String
- val X_PERMITTED_CROSS_DOMAIN_POLICIES_HEADER: String
- val X_XSS_PROTECTION_HEADER: String
-
def
apply(config: Configuration): SecurityHeadersFilter
Convenience method for creating a filter using play.api.Configuration.
Convenience method for creating a filter using play.api.Configuration. Good for testing.
- config
a configuration object that may contain string settings.
- returns
a configured SecurityHeadersFilter.
-
def
apply(config: SecurityHeadersConfig = SecurityHeadersConfig()): SecurityHeadersFilter
Convenience method for creating a SecurityHeadersFilter that reads settings from application.conf.
Convenience method for creating a SecurityHeadersFilter that reads settings from application.conf. Generally speaking, you'll want to use this or the apply(SecurityHeadersConfig) method.
- returns
a configured SecurityHeadersFilter.
-
final
def
asInstanceOf[T0]: T0
- Definition Classes
- Any
-
def
clone(): AnyRef
- Attributes
- protected[java.lang]
- Definition Classes
- AnyRef
- Annotations
- @native() @throws( ... )
-
final
def
eq(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
-
def
equals(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
-
def
finalize(): Unit
- Attributes
- protected[java.lang]
- Definition Classes
- AnyRef
- Annotations
- @throws( classOf[java.lang.Throwable] )
-
final
def
getClass(): Class[_]
- Definition Classes
- AnyRef → Any
- Annotations
- @native()
-
def
hashCode(): Int
- Definition Classes
- AnyRef → Any
- Annotations
- @native()
-
final
def
isInstanceOf[T0]: Boolean
- Definition Classes
- Any
-
final
def
ne(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
-
final
def
notify(): Unit
- Definition Classes
- AnyRef
- Annotations
- @native()
-
final
def
notifyAll(): Unit
- Definition Classes
- AnyRef
- Annotations
- @native()
-
final
def
synchronized[T0](arg0: ⇒ T0): T0
- Definition Classes
- AnyRef
-
def
toString(): String
- Definition Classes
- AnyRef → Any
-
final
def
wait(): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws( ... )
-
final
def
wait(arg0: Long, arg1: Int): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws( ... )
-
final
def
wait(arg0: Long): Unit
- Definition Classes
- AnyRef
- Annotations
- @native() @throws( ... )