case class SecurityHeadersConfig(frameOptions: Option[String] = Some("DENY"), xssProtection: Option[String] = Some("1; mode=block"), contentTypeOptions: Option[String] = Some("nosniff"), permittedCrossDomainPolicies: Option[String] = Some("master-only"), contentSecurityPolicy: Option[String] = None, referrerPolicy: Option[String] = Some("origin-when-cross-origin, strict-origin-when-cross-origin"), allowActionSpecificHeaders: Boolean = false) extends Product with Serializable
A type safe configuration object for setting security headers.
- frameOptions
"X-Frame-Options":
- xssProtection
"X-XSS-Protection":
- contentTypeOptions
"X-Content-Type-Options"
- permittedCrossDomainPolicies
"X-Permitted-Cross-Domain-Policies"
- contentSecurityPolicy
"Content-Security-Policy" - this is deprecated in favor of the dedicated CSPFilter.
- referrerPolicy
"Referrer-Policy"
- allowActionSpecificHeaders
Allows specific headers
Linear Supertypes
Ordering
- Alphabetic
- By Inheritance
Inherited
- SecurityHeadersConfig
- Serializable
- Product
- Equals
- AnyRef
- Any
- Hide All
- Show All
Visibility
- Public
- Protected
Instance Constructors
- new SecurityHeadersConfig()
- new SecurityHeadersConfig(frameOptions: Option[String] = Some("DENY"), xssProtection: Option[String] = Some("1; mode=block"), contentTypeOptions: Option[String] = Some("nosniff"), permittedCrossDomainPolicies: Option[String] = Some("master-only"), contentSecurityPolicy: Option[String] = None, referrerPolicy: Option[String] = Some("origin-when-cross-origin, strict-origin-when-cross-origin"), allowActionSpecificHeaders: Boolean = false)
- frameOptions
"X-Frame-Options":
- xssProtection
"X-XSS-Protection":
- contentTypeOptions
"X-Content-Type-Options"
- permittedCrossDomainPolicies
"X-Permitted-Cross-Domain-Policies"
- contentSecurityPolicy
"Content-Security-Policy" - this is deprecated in favor of the dedicated CSPFilter.
- referrerPolicy
"Referrer-Policy"
- allowActionSpecificHeaders
Allows specific headers
Value Members
- final def !=(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
- final def ##: Int
- Definition Classes
- AnyRef → Any
- final def ==(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
- val allowActionSpecificHeaders: Boolean
- final def asInstanceOf[T0]: T0
- Definition Classes
- Any
- def clone(): AnyRef
- Attributes
- protected[lang]
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.CloneNotSupportedException]) @HotSpotIntrinsicCandidate() @native()
- val contentTypeOptions: Option[String]
- final def eq(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
- val frameOptions: Option[String]
- final def getClass(): Class[_ <: AnyRef]
- Definition Classes
- AnyRef → Any
- Annotations
- @HotSpotIntrinsicCandidate() @native()
- final def isInstanceOf[T0]: Boolean
- Definition Classes
- Any
- final def ne(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
- final def notify(): Unit
- Definition Classes
- AnyRef
- Annotations
- @HotSpotIntrinsicCandidate() @native()
- final def notifyAll(): Unit
- Definition Classes
- AnyRef
- Annotations
- @HotSpotIntrinsicCandidate() @native()
- val permittedCrossDomainPolicies: Option[String]
- def productElementNames: Iterator[String]
- Definition Classes
- Product
- val referrerPolicy: Option[String]
- final def synchronized[T0](arg0: => T0): T0
- Definition Classes
- AnyRef
- final def wait(arg0: Long, arg1: Int): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException])
- final def wait(arg0: Long): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException]) @native()
- final def wait(): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException])
- def withContentTypeOptions(contentTypeOptions: Optional[String]): SecurityHeadersConfig
- def withFrameOptions(frameOptions: Optional[String]): SecurityHeadersConfig
- def withPermittedCrossDomainPolicies(permittedCrossDomainPolicies: Optional[String]): SecurityHeadersConfig
- def withReferrerPolicy(referrerPolicy: Optional[String]): SecurityHeadersConfig
- def withXssProtection(xssProtection: Optional[String]): SecurityHeadersConfig
- val xssProtection: Option[String]
Deprecated Value Members
- val contentSecurityPolicy: Option[String]
- Annotations
- @deprecated
- Deprecated
(Since version 2.7.0) Please use play.filters.csp.CSPFilter
- def finalize(): Unit
- Attributes
- protected[lang]
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.Throwable]) @Deprecated
- Deprecated
(Since version 9)
- def withContentSecurityPolicy(contentSecurityPolicy: Optional[String]): SecurityHeadersConfig
- Annotations
- @deprecated
- Deprecated
(Since version 2.7.0) Please use play.filters.csp.CSPFilter