Class/Object

net.liftweb.http

SecurityRules

Related Docs: object SecurityRules | package http

Permalink

final case class SecurityRules(https: Option[HttpsRules] = None, content: Option[ContentSecurityPolicy] = Some(ContentSecurityPolicy()), frameRestrictions: Option[FrameRestrictions] = Some(FrameRestrictions.SameOrigin), enforceInOtherModes: Boolean = false, logInOtherModes: Boolean = true, enforceInDevMode: Boolean = false, logInDevMode: Boolean = true) extends Product with Serializable

Specifies security rules for a Lift application. By default, HTTPS is not required and Content-Security-Policy is restricted to the current domain for everything except images, which are accepted from any domain. Additionally, served pages can only be embedded in other frames from the current domain.

You can use SecurityRules.secure to enable more restrictive, but also more secure, defaults.

enforceInDevMode

If true, security policies and HTTPS rules are enforced in dev mode in addition to staging/pilot/production/etc.

logInDevMode

If true, dev mode violations of security policies are logged by default. Note that if you override LiftRules.contentSecurityPolicyViolationReport or otherwise change the default Lift policy violation handling behavior, it will be up to you to handle this property as desired.

Linear Supertypes
Serializable, Serializable, Product, Equals, AnyRef, Any
Ordering
  1. Alphabetic
  2. By inheritance
Inherited
  1. SecurityRules
  2. Serializable
  3. Serializable
  4. Product
  5. Equals
  6. AnyRef
  7. Any
  1. Hide All
  2. Show all
Visibility
  1. Public
  2. All

Instance Constructors

  1. new SecurityRules(https: Option[HttpsRules] = None, content: Option[ContentSecurityPolicy] = Some(ContentSecurityPolicy()), frameRestrictions: Option[FrameRestrictions] = Some(FrameRestrictions.SameOrigin), enforceInOtherModes: Boolean = false, logInOtherModes: Boolean = true, enforceInDevMode: Boolean = false, logInDevMode: Boolean = true)

    Permalink

    enforceInDevMode

    If true, security policies and HTTPS rules are enforced in dev mode in addition to staging/pilot/production/etc.

    logInDevMode

    If true, dev mode violations of security policies are logged by default. Note that if you override LiftRules.contentSecurityPolicyViolationReport or otherwise change the default Lift policy violation handling behavior, it will be up to you to handle this property as desired.

Value Members

  1. final def !=(arg0: Any): Boolean

    Permalink
    Definition Classes
    AnyRef → Any

  2. final def ##(): Int

    Permalink
    Definition Classes
    AnyRef → Any

  3. final def ==(arg0: Any): Boolean

    Permalink
    Definition Classes
    AnyRef → Any

  4. final def asInstanceOf[T0]: T0

    Permalink
    Definition Classes
    Any

  5. def clone(): AnyRef

    Permalink
    Attributes
    protected[java.lang]
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )

  6. val content: Option[ContentSecurityPolicy]

    Permalink

  7. val enforceInDevMode: Boolean

    Permalink

    If true, security policies and HTTPS rules are enforced in dev mode in addition to staging/pilot/production/etc.

  8. val enforceInOtherModes: Boolean

    Permalink

  9. final def eq(arg0: AnyRef): Boolean

    Permalink
    Definition Classes
    AnyRef

  10. def finalize(): Unit

    Permalink
    Attributes
    protected[java.lang]
    Definition Classes
    AnyRef
    Annotations
    @throws( classOf[java.lang.Throwable] )

  11. val frameRestrictions: Option[FrameRestrictions]

    Permalink

  12. final def getClass(): Class[_]

    Permalink
    Definition Classes
    AnyRef → Any

  13. lazy val headers: List[(String, String)]

    Permalink

    Returns the headers implied by this set of security rules.

  14. val https: Option[HttpsRules]

    Permalink

  15. final def isInstanceOf[T0]: Boolean

    Permalink
    Definition Classes
    Any

  16. val logInDevMode: Boolean

    Permalink

    If true, dev mode violations of security policies are logged by default.

    If true, dev mode violations of security policies are logged by default. Note that if you override LiftRules.contentSecurityPolicyViolationReport or otherwise change the default Lift policy violation handling behavior, it will be up to you to handle this property as desired.

  17. val logInOtherModes: Boolean

    Permalink

  18. final def ne(arg0: AnyRef): Boolean

    Permalink
    Definition Classes
    AnyRef

  19. final def notify(): Unit

    Permalink
    Definition Classes
    AnyRef

  20. final def notifyAll(): Unit

    Permalink
    Definition Classes
    AnyRef

  21. final def synchronized[T0](arg0: ⇒ T0): T0

    Permalink
    Definition Classes
    AnyRef

  22. final def wait(): Unit

    Permalink
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )

  23. final def wait(arg0: Long, arg1: Int): Unit

    Permalink
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )

  24. final def wait(arg0: Long): Unit

    Permalink
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )

Inherited from Serializable

Inherited from Serializable

Inherited from Product

Inherited from Equals

Inherited from AnyRef

Inherited from Any

Ungrouped