public interface XFrameHandler extends SecurityPolicyHandler
<frame>
, <iframe>
, <embed>
or <object>
. Sites can use this to avoid
click-jacking attacks, by ensuring that their content is not embedded into other sites.
The added security is provided only if the user accessing the document is using a browser that supports
X-Frame-Options
.Modifier and Type | Field and Description |
---|---|
static String |
DENY
The page cannot be displayed in a frame, regardless of the site attempting to do so.
|
static String |
SAMEORIGIN
The page can only be displayed in a frame on the same origin as the page itself.
|
Modifier and Type | Method and Description |
---|---|
static XFrameHandler |
create(String action)
Creates a new handler that will add the
X-FRAME-OPTIONS header to the current response. |
static final String DENY
static final String SAMEORIGIN
static XFrameHandler create(String action)
X-FRAME-OPTIONS
header to the current response.action
- a string value either DENY
or SAMEORIGIN
.Copyright © 2024 Eclipse. All rights reserved.