Package io.vertx.ext.web.handler
Interface XFrameHandler
-
- All Superinterfaces:
Handler<RoutingContext>,SecurityPolicyHandler
public interface XFrameHandler extends SecurityPolicyHandler
The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a<frame>,<iframe>,<embed>or<object>. Sites can use this to avoid click-jacking attacks, by ensuring that their content is not embedded into other sites. The added security is provided only if the user accessing the document is using a browser that supportsX-Frame-Options.- Author:
- Paulo Lopes
-
-
Field Summary
Fields Modifier and Type Field Description static StringDENYThe page cannot be displayed in a frame, regardless of the site attempting to do so.static StringSAMEORIGINThe page can only be displayed in a frame on the same origin as the page itself.
-
Method Summary
Static Methods Modifier and Type Method Description static XFrameHandlercreate(String action)Creates a new handler that will add theX-FRAME-OPTIONSheader to the current response.
-
-
-
Field Detail
-
DENY
static final String DENY
The page cannot be displayed in a frame, regardless of the site attempting to do so.- See Also:
- Constant Field Values
-
SAMEORIGIN
static final String SAMEORIGIN
The page can only be displayed in a frame on the same origin as the page itself. The spec leaves it up to browser vendors to decide whether this option applies to the top level, the parent, or the whole chain, although it is argued that the option is not very useful unless all ancestors are also in the same origin.- See Also:
- Constant Field Values
-
-
Method Detail
-
create
static XFrameHandler create(String action)
Creates a new handler that will add theX-FRAME-OPTIONSheader to the current response.- Parameters:
action- a string value eitherDENYorSAMEORIGIN.- Returns:
- the handler
-
-