Class SecureHeadersProperties

java.lang.Object
org.springframework.cloud.gateway.filter.factory.SecureHeadersProperties

@ConfigurationProperties("spring.cloud.gateway.server.webflux.filter.secure-headers")
public class SecureHeadersProperties extends Object
Author:
Spencer Gibb, Thirunavukkarasu Ravichandran, Jörg Richter
  • Field Details

    • X_XSS_PROTECTION_HEADER

      public static final String X_XSS_PROTECTION_HEADER
      Xss-Protection header name.
    • X_XSS_PROTECTION_HEADER_DEFAULT

      public static final String X_XSS_PROTECTION_HEADER_DEFAULT
      Xss-Protection header default.
    • STRICT_TRANSPORT_SECURITY_HEADER

      public static final String STRICT_TRANSPORT_SECURITY_HEADER
      Strict transport security header name.
    • STRICT_TRANSPORT_SECURITY_HEADER_DEFAULT

      public static final String STRICT_TRANSPORT_SECURITY_HEADER_DEFAULT
      Strict transport security header default.
    • X_FRAME_OPTIONS_HEADER

      public static final String X_FRAME_OPTIONS_HEADER
      Frame options header name.
    • X_FRAME_OPTIONS_HEADER_DEFAULT

      public static final String X_FRAME_OPTIONS_HEADER_DEFAULT
      Frame Options header default.
    • X_CONTENT_TYPE_OPTIONS_HEADER

      public static final String X_CONTENT_TYPE_OPTIONS_HEADER
      Content-Type Options header name.
    • X_CONTENT_TYPE_OPTIONS_HEADER_DEFAULT

      public static final String X_CONTENT_TYPE_OPTIONS_HEADER_DEFAULT
      Content-Type Options header default.
    • REFERRER_POLICY_HEADER

      public static final String REFERRER_POLICY_HEADER
      Referrer Policy header name.
    • REFERRER_POLICY_HEADER_DEFAULT

      public static final String REFERRER_POLICY_HEADER_DEFAULT
      Referrer Policy header default.
    • CONTENT_SECURITY_POLICY_HEADER

      public static final String CONTENT_SECURITY_POLICY_HEADER
      Content-Security Policy header name.
    • CONTENT_SECURITY_POLICY_HEADER_DEFAULT

      public static final String CONTENT_SECURITY_POLICY_HEADER_DEFAULT
      Content-Security Policy header default.
    • X_DOWNLOAD_OPTIONS_HEADER

      public static final String X_DOWNLOAD_OPTIONS_HEADER
      Download Options header name.
    • X_DOWNLOAD_OPTIONS_HEADER_DEFAULT

      public static final String X_DOWNLOAD_OPTIONS_HEADER_DEFAULT
      Download Options header default.
    • X_PERMITTED_CROSS_DOMAIN_POLICIES_HEADER

      public static final String X_PERMITTED_CROSS_DOMAIN_POLICIES_HEADER
      Permitted Cross-Domain Policies header name.
    • X_PERMITTED_CROSS_DOMAIN_POLICIES_HEADER_DEFAULT

      public static final String X_PERMITTED_CROSS_DOMAIN_POLICIES_HEADER_DEFAULT
      Permitted Cross-Domain Policies header default.
    • PERMISSIONS_POLICY_HEADER

      public static final String PERMISSIONS_POLICY_HEADER
      Permissions Policy header name. Opt-in by external configuration is required.
    • PERMISSIONS_POLICY_HEADER_OPT_IN_DEFAULT

      public static final String PERMISSIONS_POLICY_HEADER_OPT_IN_DEFAULT
      Permissions Policy header default. Opt-in by external configuration is required because the header default disables a comprehensive list of features.
  • Constructor Details

    • SecureHeadersProperties

      public SecureHeadersProperties()
      Default constructor for SecureHeadersProperties. Initializes the `defaultHeaders` set with a predefined list of security headers. The headers are transformed to lowercase for case-insensitive comparison.
  • Method Details

    • getXssProtectionHeader

      public String getXssProtectionHeader()
    • setXssProtectionHeader

      public void setXssProtectionHeader(String xssProtectionHeader)
    • getStrictTransportSecurity

      public String getStrictTransportSecurity()
    • setStrictTransportSecurity

      public void setStrictTransportSecurity(String strictTransportSecurity)
    • getFrameOptions

      public String getFrameOptions()
    • setFrameOptions

      public void setFrameOptions(String frameOptions)
    • getContentTypeOptions

      public String getContentTypeOptions()
    • setContentTypeOptions

      public void setContentTypeOptions(String contentTypeOptions)
    • getReferrerPolicy

      public String getReferrerPolicy()
    • setReferrerPolicy

      public void setReferrerPolicy(String referrerPolicy)
    • getContentSecurityPolicy

      public String getContentSecurityPolicy()
    • setContentSecurityPolicy

      public void setContentSecurityPolicy(String contentSecurityPolicy)
    • getDownloadOptions

      public String getDownloadOptions()
    • setDownloadOptions

      public void setDownloadOptions(String downloadOptions)
    • getPermittedCrossDomainPolicies

      public String getPermittedCrossDomainPolicies()
    • setPermittedCrossDomainPolicies

      public void setPermittedCrossDomainPolicies(String permittedCrossDomainPolicies)
    • getPermissionsPolicy

      public String getPermissionsPolicy()
    • setPermissionsPolicy

      public void setPermissionsPolicy(String permissionsPolicy)
    • getDisable

      public List<String> getDisable()
      Returns:
      the default/opt-out header names to disable
    • setDisable

      public void setDisable(List<String> disable)
      Binds the list of default/opt-out header names to disable and transforms them into a lowercase set to ensure case-insensitive comparison.
      Parameters:
      disable - list of default/opt-out header names to disable
    • getEnabledHeaders

      public Set<String> getEnabledHeaders()
      Returns:
      the opt-in header names to enable
    • setEnable

      public void setEnable(List<String> enable)
      Binds the list of opt-in header names to enable and transforms them into a lowercase set to ensure case-insensitive comparison.
      Parameters:
      enable - list of opt-in header names to enable
    • getDisabledHeaders

      public Set<String> getDisabledHeaders()
      Returns:
      the default/opt-out header names to disable
    • getDefaultHeaders

      public Set<String> getDefaultHeaders()
      Returns:
      the default/opt-out header names to apply
    • toString

      public String toString()
      Overrides:
      toString in class Object
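
A startup audit built on the accessors documented above, as an added example that is not part of the Spring Cloud Gateway project or its documentation. It assumes the gateway library is on the classpath; the class name `SecureHeadersAudit`, the `REQUIRED` policy and the "defaults minus disabled plus enabled" model are assumptions of this example.

```java
import java.util.List;
import java.util.Locale;
import java.util.Set;
import java.util.TreeSet;

import org.springframework.cloud.gateway.filter.factory.SecureHeadersProperties;

// Added example (not project code): audit the bound secure-headers settings at startup.
public class SecureHeadersAudit {

    // Hypothetical policy for this example: headers that must stay switched on.
    static final Set<String> REQUIRED = Set.of(
            lower(SecureHeadersProperties.STRICT_TRANSPORT_SECURITY_HEADER),
            lower(SecureHeadersProperties.X_CONTENT_TYPE_OPTIONS_HEADER),
            lower(SecureHeadersProperties.CONTENT_SECURITY_POLICY_HEADER));

    // The properties class stores names in lowercase, so compare in lowercase.
    static String lower(String header) {
        return header.toLowerCase(Locale.ROOT);
    }

    static Set<String> orEmpty(Set<String> s) {
        return s == null ? Set.<String>of() : s;
    }

    // Assumed audit model: default names minus disabled names, plus opt-in names.
    static Set<String> effective(SecureHeadersProperties p) {
        Set<String> names = new TreeSet<>(orEmpty(p.getDefaultHeaders()));
        names.removeAll(orEmpty(p.getDisabledHeaders()));
        names.addAll(orEmpty(p.getEnabledHeaders()));
        return names;
    }

    // Required headers that the current configuration would no longer apply.
    static Set<String> missingRequired(SecureHeadersProperties p) {
        Set<String> missing = new TreeSet<>(REQUIRED);
        missing.removeAll(effective(p));
        return missing;
    }

    public static void main(String[] args) {
        SecureHeadersProperties p = new SecureHeadersProperties();
        // Constructed input, written in mixed case as external configuration might supply it.
        p.setDisable(List.of("X-Frame-Options", "STRICT-TRANSPORT-SECURITY"));
        p.setEnable(List.of("Permissions-Policy"));

        System.out.println("effective headers: " + effective(p));
        Set<String> missing = missingRequired(p);
        if (!missing.isEmpty()) {
            throw new IllegalStateException("required security headers disabled: " + missing);
        }
    }
}
```

Because `setDisable` and `setEnable` lowercase their input, a header disabled as `STRICT-TRANSPORT-SECURITY` is caught by the same check as one disabled as `strict-transport-security`.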