object SecurityHeadersFilter
This class sets a number of common security headers on the HTTP request.
NOTE: Because these are security headers, they are "secure by default." If the filter is applied, but these fields are NOT defined in Configuration, the defaults on the filter are NOT omitted, but are instead set to the strictest possible value.
- {{play.filters.headers.frameOptions}} - sets frameOptions. Some("DENY") by default.
- {{play.filters.headers.xssProtection}} - sets xssProtection. Some("1; mode=block") by default.
- {{play.filters.headers.contentTypeOptions}} - sets contentTypeOptions. Some("nosniff") by default.
- {{play.filters.headers.permittedCrossDomainPolicies}} - sets permittedCrossDomainPolicies. Some("master-only") by default.
- {{play.filters.headers.contentSecurityPolicy}} - sets contentSecurityPolicy. Some("default-src 'self'") by default.
- {{play.filters.headers.referrerPolicy}} - sets referrerPolicy. Some("origin-when-cross-origin, strict-origin-when-cross-origin") by default.
- {{play.filters.headers.allowActionSpecificHeaders}} - sets whether .withHeaders may be used to provide page-specific overrides. False by default.
- Source
- SecurityHeadersFilter.scala
- See also
- Alphabetic
- By Inheritance
- SecurityHeadersFilter
- AnyRef
- Any
- Hide All
- Show All
- Public
- All
Value Members
- final def !=(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
- final def ##(): Int
- Definition Classes
- AnyRef → Any
- final def ==(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
- val CONTENT_SECURITY_POLICY_HEADER: String
- val REFERRER_POLICY: String
- val X_CONTENT_TYPE_OPTIONS_HEADER: String
- val X_FRAME_OPTIONS_HEADER: String
- val X_PERMITTED_CROSS_DOMAIN_POLICIES_HEADER: String
- val X_XSS_PROTECTION_HEADER: String
- def apply(config: Configuration): SecurityHeadersFilter
Convenience method for creating a filter using play.api.Configuration.
Convenience method for creating a filter using play.api.Configuration. Good for testing.
- config
a configuration object that may contain string settings.
- returns
a configured SecurityHeadersFilter.
- def apply(config: SecurityHeadersConfig = SecurityHeadersConfig()): SecurityHeadersFilter
Convenience method for creating a SecurityHeadersFilter that reads settings from application.conf.
Convenience method for creating a SecurityHeadersFilter that reads settings from application.conf. Generally speaking, you'll want to use this or the apply(SecurityHeadersConfig) method.
- returns
a configured SecurityHeadersFilter.
- final def asInstanceOf[T0]: T0
- Definition Classes
- Any
- def clone(): AnyRef
- Attributes
- protected[java.lang]
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.CloneNotSupportedException]) @native()
- final def eq(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
- def equals(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef → Any
- def finalize(): Unit
- Attributes
- protected[java.lang]
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.Throwable])
- final def getClass(): Class[_ <: AnyRef]
- Definition Classes
- AnyRef → Any
- Annotations
- @native()
- def hashCode(): Int
- Definition Classes
- AnyRef → Any
- Annotations
- @native()
- final def isInstanceOf[T0]: Boolean
- Definition Classes
- Any
- final def ne(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
- final def notify(): Unit
- Definition Classes
- AnyRef
- Annotations
- @native()
- final def notifyAll(): Unit
- Definition Classes
- AnyRef
- Annotations
- @native()
- final def synchronized[T0](arg0: => T0): T0
- Definition Classes
- AnyRef
- def toString(): String
- Definition Classes
- AnyRef → Any
- final def wait(): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException])
- final def wait(arg0: Long, arg1: Int): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException])
- final def wait(arg0: Long): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException]) @native()