play-omnidoc
API
Generated with
play-omnidoc/play/play.filters/play.filters.headers

play.filters.headers

package play.filters.headers

Members list

Type members

Classlikes

trait SecurityHeadersComponents

The security headers components.

The security headers components.

Attributes

Supertypes
class Object
trait Matchable
class Any
Known subtypes
case class SecurityHeadersConfig(frameOptions: Option[String], xssProtection: Option[String], contentTypeOptions: Option[String], permittedCrossDomainPolicies: Option[String], contentSecurityPolicy: Option[String], referrerPolicy: Option[String], allowActionSpecificHeaders: Boolean)

A type safe configuration object for setting security headers.

A type safe configuration object for setting security headers.

Value parameters

allowActionSpecificHeaders

Allows specific headers

contentSecurityPolicy

"Content-Security-Policy" - this is deprecated in favor of the dedicated CSPFilter.

contentTypeOptions

"X-Content-Type-Options"

frameOptions

"X-Frame-Options":

permittedCrossDomainPolicies

"X-Permitted-Cross-Domain-Policies"

referrerPolicy

"Referrer-Policy"

xssProtection

"X-XSS-Protection":

Attributes

Companion
object
Supertypes
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object SecurityHeadersConfig

Parses out a SecurityHeadersConfig from play.api.Configuration (usually this means application.conf).

Parses out a SecurityHeadersConfig from play.api.Configuration (usually this means application.conf).

Attributes

Companion
class
Supertypes
trait Product
trait Mirror
class Object
trait Matchable
class Any
Self type
@Singleton
class SecurityHeadersConfigProvider(configuration: Configuration) extends Provider[SecurityHeadersConfig]

Provider for security headers configuration.

Provider for security headers configuration.

Attributes

Supertypes
trait Provider[SecurityHeadersConfig]
class Object
trait Matchable
class Any
object SecurityHeadersFilter

This class sets a number of common security headers on the HTTP request.

This class sets a number of common security headers on the HTTP request.

NOTE: Because these are security headers, they are "secure by default." If the filter is applied, but these fields are NOT defined in Configuration, the defaults on the filter are NOT omitted, but are instead set to the strictest possible value.

  • {{play.filters.headers.frameOptions}} - sets frameOptions. Some("DENY") by default.

  • {{play.filters.headers.xssProtection}} - sets xssProtection. Some("1; mode=block") by default.

  • {{play.filters.headers.contentTypeOptions}} - sets contentTypeOptions. Some("nosniff") by default.

  • {{play.filters.headers.permittedCrossDomainPolicies}} - sets permittedCrossDomainPolicies. Some("master-only") by default.

  • {{play.filters.headers.contentSecurityPolicy}} - sets contentSecurityPolicy. Some("default-src 'self'") by default.

  • {{play.filters.headers.referrerPolicy}} - sets referrerPolicy. Some("origin-when-cross-origin, strict-origin-when-cross-origin") by default.

  • {{play.filters.headers.allowActionSpecificHeaders}} - sets whether .withHeaders may be used to provide page-specific overrides. False by default.

Attributes

See also
Companion
class
Supertypes
class Object
trait Matchable
class Any
Self type
@Singleton
class SecurityHeadersFilter(config: SecurityHeadersConfig) extends EssentialFilter

The case class that implements the filter. This gives you the most control, but you may want to use the apply() method on the companion singleton for convenience.

The case class that implements the filter. This gives you the most control, but you may want to use the apply() method on the companion singleton for convenience.

Attributes

Companion
object
Supertypes
class Object
trait Matchable
class Any
class SecurityHeadersModule extends SimpleModule

The security headers module.

The security headers module.

Attributes

Supertypes
class SimpleModule
class Module
class Object
trait Matchable
class Any
Generated with