com.helger.servlet.response

Class UnifiedResponseDefaultSettings

java.lang.Object

com.helger.servlet.response.UnifiedResponseDefaultSettings

@ThreadSafe
public final class UnifiedResponseDefaultSettings
extends Object

This class encapsulates default settings to be applied to all UnifiedResponse objects.

Since:

6.0.5

Author:

Philip Helger

Method Summary

Modifier and Type	Method and Description
static void	addCookie(javax.servlet.http.Cookie aCookie) Add the passed cookie.
static void	addResponseHeader(String sName, String sValue) Adds a response header to the response according to the passed name and value.
static com.helger.commons.collection.impl.ICommonsOrderedMap<String,javax.servlet.http.Cookie>	getAllCookies()
static com.helger.commons.http.HttpHeaderMap	getResponseHeaderMap()
static boolean	hasCookies()
static com.helger.commons.state.EChange	removeAllCookies() Remove all cookies.
static com.helger.commons.state.EChange	removeAllResponseHeaders() Remove all response headers currently present.
static com.helger.commons.state.EChange	removeCookie(String sName) Remove the cookie with the specified name.
static com.helger.commons.state.EChange	removeResponseHeaders(String sName) Removes the response headers matching the passed name from the response.
static void	removeStrictTransportSecurity() Remove the `Strict-Transport-Security` headers from the default settings.
static void	setAllowMimeSniffing(boolean bAllow) When specifying false, this method uses a special response header to prevent certain browsers from MIME-sniffing a response away from the declared content-type.
static void	setEnableXSSFilter(boolean bEnable) This header enables the Cross-site scripting (XSS) filter built into most recent web browsers.
static void	setReferrerPolicy(com.helger.http.EHttpReferrerPolicy eReferrerPolicy) Set the default referrer policy to use.
static void	setResponseHeader(String sName, String sValue) Sets a response header to the response according to the passed name and value.
static void	setStrictTransportSecurity(int nMaxAgeSeconds, boolean bIncludeSubdomains) HTTP Strict Transport Security (HSTS) is an opt-in security enhancement that is specified by a web application through the use of a special response header.
static void	setXFrameOptions(EXFrameOptionType eType, com.helger.commons.url.ISimpleURL aDomain) The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe> or <object> .

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

getResponseHeaderMap

@Nonnull
 @ReturnsMutableCopy
public static com.helger.commons.http.HttpHeaderMap getResponseHeaderMap()

Returns:

The non-null header map.

setAllowMimeSniffing

public static void setAllowMimeSniffing(boolean bAllow)

When specifying false, this method uses a special response header to prevent certain browsers from MIME-sniffing a response away from the declared content-type. When passing true, that header is removed.

Parameters:

bAllow - Whether or not sniffing should be allowed (default is true).

setEnableXSSFilter

public static void setEnableXSSFilter(boolean bEnable)

This header enables the Cross-site scripting (XSS) filter built into most recent web browsers. It's usually enabled by default anyway, so the role of this header is to re-enable the filter for this particular website if it was disabled by the user. This header is supported in IE 8+, and in Chrome (not sure which versions). The anti-XSS filter was added in Chrome 4. Its unknown if that version honored this header.

Parameters:

bEnable - true to enable the header, false to disable it.

setStrictTransportSecurity

public static void setStrictTransportSecurity(@Nonnegative
                                              int nMaxAgeSeconds,
                                              boolean bIncludeSubdomains)

HTTP Strict Transport Security (HSTS) is an opt-in security enhancement that is specified by a web application through the use of a special response header. Once a supported browser receives this header that browser will prevent any communications from being sent over HTTP to the specified domain and will instead send all communications over HTTPS. It also prevents HTTPS click through prompts on browsers. The specification has been released and published end of 2012 as RFC 6797 (HTTP Strict Transport Security (HSTS)) by the IETF.

Parameters:

nMaxAgeSeconds - number of seconds, after the reception of the STS header field, during which the UA regards the host (from whom the message was received) as a Known HSTS Host.

bIncludeSubdomains - if enabled, this signals the UA that the HSTS Policy applies to this HSTS Host as well as any sub-domains of the host's domain name.

removeStrictTransportSecurity

public static void removeStrictTransportSecurity()

Remove the `Strict-Transport-Security` headers from the default settings.

Since:

9.1.1

setXFrameOptions

public static void setXFrameOptions(@Nullable
                                    EXFrameOptionType eType,
                                    @Nullable
                                    com.helger.commons.url.ISimpleURL aDomain)

The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe> or <object> . Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites. Example:

 X-Frame-Options: DENY
 X-Frame-Options: SAMEORIGIN
 X-Frame-Options: ALLOW-FROM https://example.com/
 

Parameters:

eType - The X-Frame-Options type to be set. May not be null.

aDomain - The domain URL to be used in "ALLOW-FROM". May be null for the other cases.

setReferrerPolicy

public static void setReferrerPolicy(@Nullable
                                     com.helger.http.EHttpReferrerPolicy eReferrerPolicy)

Set the default referrer policy to use. See https://scotthelme.co.uk/a-new-security-header-referrer-policy/

Parameters:

eReferrerPolicy - Policy to use. May be null.

setResponseHeader

public static void setResponseHeader(@Nonnull @Nonempty
                                     String sName,
                                     @Nonnull @Nonempty
                                     String sValue)

Sets a response header to the response according to the passed name and value. An existing header entry with the same name is overridden.

Parameters:

sName - Name of the header. May neither be null nor empty.

sValue - Value of the header. May neither be null nor empty.

addResponseHeader

public static void addResponseHeader(@Nonnull @Nonempty
                                     String sName,
                                     @Nonnull @Nonempty
                                     String sValue)

Adds a response header to the response according to the passed name and value. If an existing header with the same is present, the value is added to the list so that the header is emitted more than once.

Parameters:

sName - Name of the header. May neither be null nor empty.

sValue - Value of the header. May neither be null nor empty.

removeResponseHeaders

@Nonnull
public static com.helger.commons.state.EChange removeResponseHeaders(@Nonnull @Nonempty
                                                                               String sName)

Removes the response headers matching the passed name from the response.
ATTENTION: You should only use the APIs that UnifiedResponseDefaultSettings directly offers. Use this method only in emergency and make sure you validate the header field and allowed value!

Parameters:

sName - Name of the header to be removed. May neither be null nor empty.

Returns:

EChange.CHANGED in header was removed.

removeAllResponseHeaders

@Nonnull
public static com.helger.commons.state.EChange removeAllResponseHeaders()

Remove all response headers currently present.

Returns:

EChange

hasCookies

public static boolean hasCookies()

Returns:

true if at least one cookie is present.

getAllCookies

@Nonnull
 @ReturnsMutableCopy
public static com.helger.commons.collection.impl.ICommonsOrderedMap<String,javax.servlet.http.Cookie> getAllCookies()

Returns:

A copy of all contained cookies. Never null but maybe empty.

addCookie

public static void addCookie(@Nonnull
                             javax.servlet.http.Cookie aCookie)

Add the passed cookie.

Parameters:

aCookie - The cookie to be added. May not be null.

removeCookie

@Nonnull
public static com.helger.commons.state.EChange removeCookie(@Nullable
                                                                      String sName)

Remove the cookie with the specified name.

Parameters:

sName - The name of the cookie to be removed. May be null.

Returns:

EChange

removeAllCookies

@Nonnull
public static com.helger.commons.state.EChange removeAllCookies()

Remove all cookies.

Returns:

EChange.CHANGED if at least one cookie was removed.