Class XServletFilterSecurityXFrameOptions

    • Constructor Detail

      • XServletFilterSecurityXFrameOptions

        public XServletFilterSecurityXFrameOptions(@Nonnull
                                                   com.helger.servlet.response.EXFrameOptionType eType,
                                                   @Nullable
                                                   com.helger.commons.url.ISimpleURL aDomain)
        The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe> or <object>. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites. Examples:
         X-Frame-Options: DENY
         X-Frame-Options: SAMEORIGIN
         X-Frame-Options: ALLOW-FROM https://example.com/
         
        Parameters:
        eType - The X-Frame-Options type to be set. May not be null.
        aDomain - The domain URL to be used in "ALLOW-FROM". May be null for the other cases.
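
        A response-side check for the three header forms listed above, as an added example that is not part of this library's code. The class name XFrameOptionsAudit, its Verdict enum and the sample values are assumptions made for illustration; it uses only the JDK. It also marks ALLOW-FROM separately, because current browsers ignore that form.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;

// Added example (hypothetical names): audits X-Frame-Options response values.
public class XFrameOptionsAudit {
  enum Verdict { OK, OK_LEGACY_ALLOW_FROM, INVALID }

  // headerValues: every X-Frame-Options value found on one response.
  static Verdict audit(List<String> headerValues) {
    // The header carries exactly one of the three forms; flag repeats and lists.
    if (headerValues.size() != 1) return Verdict.INVALID;
    String value = headerValues.get(0).trim();
    if (value.contains(",")) return Verdict.INVALID;
    // Header values are case-insensitive (RFC 7034).
    if (value.equalsIgnoreCase("DENY") || value.equalsIgnoreCase("SAMEORIGIN"))
      return Verdict.OK;
    final String prefix = "ALLOW-FROM";
    if (value.regionMatches(true, 0, prefix, 0, prefix.length())) {
      // ALLOW-FROM is only meaningful with a URL, matching the aDomain contract.
      String rest = value.substring(prefix.length());
      boolean separated = !rest.isEmpty() && Character.isWhitespace(rest.charAt(0));
      if (!separated || !isAbsoluteHttpUrl(rest.trim())) return Verdict.INVALID;
      // Current browsers ignore ALLOW-FROM, so such a response also needs
      // Content-Security-Policy: frame-ancestors to be protected.
      return Verdict.OK_LEGACY_ALLOW_FROM;
    }
    return Verdict.INVALID;
  }

  static boolean isAbsoluteHttpUrl(String s) {
    try {
      URI uri = new URI(s);
      String scheme = uri.getScheme();
      return uri.getHost() != null
          && ("http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme));
    } catch (URISyntaxException e) {
      return false;
    }
  }

  public static void main(String[] args) {
    // Constructed sample values, one list per response.
    System.out.println(audit(List.of("DENY")));
    System.out.println(audit(List.of("ALLOW-FROM https://example.com/")));
    System.out.println(audit(List.of("ALLOW-FROM")));
    System.out.println(audit(List.of("SAMEORIGIN", "DENY")));
  }
}
```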
    • Method Detail

      • getXFrameOptionsType

        @Nonnull
        public final com.helger.servlet.response.EXFrameOptionType getXFrameOptionsType()
        Returns:
        The X-Frame-Options type provided in the constructor. Never null.
        Since:
        9.3.2
      • getDomain

        @Nullable
        public final com.helger.commons.url.ISimpleURL getDomain()
        Returns:
        The domain passed in the constructor. May be null. Not null if the type returned by getXFrameOptionsType() requires a URL.
        Since:
        9.3.2
      • getHeaderValue

        @Nonnull
        @Nonempty
        public final String getHeaderValue()
        Returns:
        The header value to be used. Neither null nor empty.
        Since:
        9.3.2
      • beforeRequest

        @Nonnull
        public com.helger.commons.state.EContinue beforeRequest(@Nonnull
                                                                javax.servlet.http.HttpServletRequest aHttpRequest,
                                                                @Nonnull
                                                                javax.servlet.http.HttpServletResponse aHttpResponse,
                                                                @Nonnull
                                                                com.helger.http.EHttpVersion eHttpVersion,
                                                                @Nonnull
                                                                com.helger.commons.http.EHttpMethod eHttpMethod)
        Description copied from interface: IXServletLowLevelFilter
        Invoked before an XServlet request is handled. This method is called before the request is created! Exceptions occurring in this method will be propagated to the outside, so be careful :)
        Specified by:
        beforeRequest in interface IXServletLowLevelFilter
        Parameters:
        aHttpRequest - HTTP servlet request. Never null.
        aHttpResponse - HTTP servlet response. Never null.
        eHttpVersion - HTTP version. Never null.
        eHttpMethod - HTTP method. Never null.
        Returns:
        EContinue.CONTINUE to continue processing, or EContinue.BREAK if this request should not be processed, in which case the HttpServletResponse must contain a valid response!