play.filters.headers
Members list
Type members
Classlikes
The security headers components.
Attributes
- Supertypes: class Object, trait Matchable, class Any
- Known subtypes: trait HttpFiltersComponents
A type safe configuration object for setting security headers.
Value parameters
- allowActionSpecificHeaders: Allows specific headers
- contentSecurityPolicy: "Content-Security-Policy" - this is deprecated in favor of the dedicated CSPFilter.
- contentTypeOptions: "X-Content-Type-Options"
- frameOptions: "X-Frame-Options":
- permittedCrossDomainPolicies: "X-Permitted-Cross-Domain-Policies"
- referrerPolicy: "Referrer-Policy"
- xssProtection: "X-XSS-Protection":
Attributes
- Companion: object
- Supertypes: trait Serializable, trait Product, trait Equals, class Object, trait Matchable, class Any
Parses out a SecurityHeadersConfig from play.api.Configuration (usually this means application.conf).
Attributes
- Companion: class
- Supertypes: trait Product, trait Mirror, class Object, trait Matchable, class Any
- Self type
Provider for security headers configuration.
Attributes
- Supertypes
This class sets a number of common security headers on the HTTP request.
NOTE: Because these are security headers, they are "secure by default." If the filter is applied, but these fields are NOT defined in Configuration, the defaults on the filter are NOT omitted, but are instead set to the strictest possible value.
- play.filters.headers.frameOptions - sets frameOptions. Some("DENY") by default.
- play.filters.headers.xssProtection - sets xssProtection. Some("1; mode=block") by default.
- play.filters.headers.contentTypeOptions - sets contentTypeOptions. Some("nosniff") by default.
- play.filters.headers.permittedCrossDomainPolicies - sets permittedCrossDomainPolicies. Some("master-only") by default.
- play.filters.headers.contentSecurityPolicy - sets contentSecurityPolicy. Some("default-src 'self'") by default.
- play.filters.headers.referrerPolicy - sets referrerPolicy. Some("origin-when-cross-origin, strict-origin-when-cross-origin") by default.
- play.filters.headers.allowActionSpecificHeaders - sets whether .withHeaders may be used to provide page-specific overrides. False by default.
Attributes
- See also
- Companion: class
- Supertypes: class Object, trait Matchable, class Any
- Self type
The case class that implements the filter. This gives you the most control, but you may want to use the apply() method on the companion singleton for convenience.
Attributes
- Companion: object
- Supertypes
The security headers module.
Attributes
- Supertypes