io.pedestal.http.secure-headers
Secure header settings applied in interceptors
content-type-header
(content-type-header)
(content-type-header value)
Create a custom value for content-type options. No arg version returns most secure setting: nosniff
create-headers
(create-headers)
(create-headers hsts-settings frame-options-settings content-type-settings xss-protection-settings)
frame-options-header
(frame-options-header)
(frame-options-header policy)
(frame-options-header allow-from-policy origin)
Create a custom policy value for the Frame-Options header. No arg version returns most secure setting: DENY
header-names
header-names-vec
hsts-header
(hsts-header)
(hsts-header max-age-secs)
(hsts-header max-age-secs include-subdomains?)
Create a max-age (and optionally include subdomains) Strict-Transport header. No arg version sets age at 1 year (31536000 seconds) and includes subdomains. You may want to use 1 hour (3600 secs), 1 day (86400 secs), 1 week (604800 secs), or 1 month (2628000 secs).
secure-headers
(secure-headers)
(secure-headers options)
Options are header values, which can be generated by the helper functions here.
xss-protection-header
(xss-protection-header)
(xss-protection-header value)
(xss-protection-header value mode)
Create a custom value (and optionally mode) XSS-Protection header. No arg version returns the most secure setting: 1; block.
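
Added example (not from the Pedestal documentation or source): building the four header values with the helpers above for a staged HSTS rollout, using the max-age values the hsts-header docstring suggests, so a misconfigured HTTPS deployment is not pinned in browsers for a year. The example.headers namespace, the stage names, and the option keys passed to secure-headers (assumed to mirror the create-headers parameter names) are assumptions.

```clojure
(ns example.headers
  (:require [io.pedestal.http.secure-headers :as sec]))

;; Rollout stages (hypothetical names) mapped to the max-age values
;; listed in the hsts-header docstring.
(def hsts-max-age-secs
  {:trial 3600        ; 1 hour
   :day   86400       ; 1 day
   :week  604800      ; 1 week
   :month 2628000     ; 1 month
   :full  31536000})  ; 1 year, same age as the no-arg hsts-header

(defn header-settings
  "Header values for a rollout stage. Subdomains are only covered at
  :full, once every subdomain is known to serve HTTPS. The other three
  headers use the no-arg (most secure) helpers."
  [stage]
  (let [max-age (or (hsts-max-age-secs stage)
                    (throw (ex-info "Unknown HSTS rollout stage"
                                    {:stage stage})))]
    ;; Keys are an assumption: they mirror create-headers' parameter names.
    {:hsts-settings           (sec/hsts-header max-age (= stage :full))
     :frame-options-settings  (sec/frame-options-header)
     :content-type-settings   (sec/content-type-header)
     :xss-protection-settings (sec/xss-protection-header)}))

(defn headers-for
  "Calls the four-argument create-headers so the values for a stage
  can be inspected at the REPL before they are deployed."
  [stage]
  (let [{:keys [hsts-settings frame-options-settings
                content-type-settings xss-protection-settings]}
        (header-settings stage)]
    (sec/create-headers hsts-settings frame-options-settings
                        content-type-settings xss-protection-settings)))

(defn interceptor-for
  "Builds the secure-headers interceptor for a rollout stage."
  [stage]
  (sec/secure-headers (header-settings stage)))
```

Start at :trial and move to a longer stage only after confirming that every response on the host is served over HTTPS, since browsers keep enforcing the policy until max-age expires.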