Package org.springframework.cloud.gateway.filter.factory

Class SecureHeadersGatewayFilterFactory

java.lang.Object

org.springframework.cloud.gateway.support.AbstractConfigurable<C>

org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory<SecureHeadersGatewayFilterFactory.Config>

org.springframework.cloud.gateway.filter.factory.SecureHeadersGatewayFilterFactory

All Implemented Interfaces:

org.springframework.beans.factory.Aware, GatewayFilterFactory<SecureHeadersGatewayFilterFactory.Config>, Configurable<SecureHeadersGatewayFilterFactory.Config>, ShortcutConfigurable, org.springframework.context.ApplicationEventPublisherAware

public class SecureHeadersGatewayFilterFactory
extends AbstractGatewayFilterFactory<SecureHeadersGatewayFilterFactory.Config>

https://blog.appcanary.com/2017/http-security-headers.html.

Author:

Spencer Gibb, Thirunavukkarasu Ravichandran

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	SecureHeadersGatewayFilterFactory.Config

Nested classes/interfaces inherited from class org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory

AbstractGatewayFilterFactory.NameConfig

Nested classes/interfaces inherited from interface org.springframework.cloud.gateway.support.ShortcutConfigurable

ShortcutConfigurable.GatewayEvaluationContext, ShortcutConfigurable.RestrictivePropertyAccessor, ShortcutConfigurable.ShortcutType

Field Summary

Fields

Modifier and Type	Field	Description
static final String	CONTENT_SECURITY_POLICY_HEADER	Content-Security Policy header name.
static final String	REFERRER_POLICY_HEADER	Referrer Policy header name.
static final String	STRICT_TRANSPORT_SECURITY_HEADER	Strict transport security header name.
static final String	X_CONTENT_TYPE_OPTIONS_HEADER	Content-Type Options header name.
static final String	X_DOWNLOAD_OPTIONS_HEADER	Download Options header name.
static final String	X_FRAME_OPTIONS_HEADER	Frame options header name.
static final String	X_PERMITTED_CROSS_DOMAIN_POLICIES_HEADER	Permitted Cross-Domain Policies header name.
static final String	X_XSS_PROTECTION_HEADER	Xss-Protection header name.

Fields inherited from interface org.springframework.cloud.gateway.filter.factory.GatewayFilterFactory

NAME_KEY, VALUE_KEY

Constructor Summary

Constructors

Constructor	Description
SecureHeadersGatewayFilterFactory(SecureHeadersProperties properties)

Method Summary

Modifier and Type	Method	Description
GatewayFilter	apply(SecureHeadersGatewayFilterFactory.Config originalConfig)

Methods inherited from class org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory

getPublisher, setApplicationEventPublisher

Methods inherited from class org.springframework.cloud.gateway.support.AbstractConfigurable

getConfigClass, newConfig, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface org.springframework.cloud.gateway.filter.factory.GatewayFilterFactory

apply, apply, apply, getConfigClass, name, newConfig

Methods inherited from interface org.springframework.cloud.gateway.support.ShortcutConfigurable

shortcutFieldOrder, shortcutFieldPrefix, shortcutType

Field Details

X_XSS_PROTECTION_HEADER

public static final String X_XSS_PROTECTION_HEADER

Xss-Protection header name.

See Also:

• Constant Field Values

STRICT_TRANSPORT_SECURITY_HEADER

public static final String STRICT_TRANSPORT_SECURITY_HEADER

Strict transport security header name.

See Also:

• Constant Field Values

X_FRAME_OPTIONS_HEADER

public static final String X_FRAME_OPTIONS_HEADER

Frame options header name.

See Also:

• Constant Field Values

X_CONTENT_TYPE_OPTIONS_HEADER

public static final String X_CONTENT_TYPE_OPTIONS_HEADER

Content-Type Options header name.

See Also:

• Constant Field Values

REFERRER_POLICY_HEADER

public static final String REFERRER_POLICY_HEADER

Referrer Policy header name.

See Also:

• Constant Field Values

CONTENT_SECURITY_POLICY_HEADER

public static final String CONTENT_SECURITY_POLICY_HEADER

Content-Security Policy header name.

See Also:

• Constant Field Values

X_DOWNLOAD_OPTIONS_HEADER

public static final String X_DOWNLOAD_OPTIONS_HEADER

Download Options header name.

See Also:

• Constant Field Values

X_PERMITTED_CROSS_DOMAIN_POLICIES_HEADER

public static final String X_PERMITTED_CROSS_DOMAIN_POLICIES_HEADER

Permitted Cross-Domain Policies header name.

See Also:

• Constant Field Values

Constructor Details

SecureHeadersGatewayFilterFactory

public SecureHeadersGatewayFilterFactory(SecureHeadersProperties properties)

Method Details

apply

public GatewayFilter apply(SecureHeadersGatewayFilterFactory.Config originalConfig)