final case class SecurityRules(https: Option[HttpsRules] = None, content: Option[ContentSecurityPolicy] = Some(ContentSecurityPolicy()), frameRestrictions: Option[FrameRestrictions] = Some(FrameRestrictions.SameOrigin), enforceInOtherModes: Boolean = false, logInOtherModes: Boolean = true, enforceInDevMode: Boolean = false, logInDevMode: Boolean = true) extends Product with Serializable
Specifies security rules for a Lift application. By default, HTTPS is not required and Content-Security-Policy is restricted to the current domain for everything except images, which are accepted from any domain. Additionally, served pages can only be embedded in other frames from the current domain.
You can use SecurityRules.secure to enable more restrictive, but also more secure, defaults.
- enforceInDevMode
If true, security policies and HTTPS rules are enforced in dev mode in addition to staging/pilot/production/etc.
- logInDevMode
If true, dev mode violations of security policies are logged by default. Note that if you override LiftRules.contentSecurityPolicyViolationReport or otherwise change the default Lift policy violation handling behavior, it will be up to you to handle this property as desired.
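An added example, not part of the Lift documentation or code base: it starts from SecurityRules.secure, turns enforcement on explicitly in every run mode (the signature above defaults both enforce flags to false), and lists the response headers a rules change introduces before it is installed. It assumes the types live in net.liftweb.http and that LiftRules.securityRules is the hook that accepts a () => SecurityRules; neither appears on this page, and SecurityBoot, addedHeaders and install are hypothetical names.

```scala
import net.liftweb.http.{LiftRules, SecurityRules}

object SecurityBoot {
  // The defaults described above: HTTPS not required, CSP limited to the
  // current domain (images from anywhere), framing limited to same origin.
  val defaults: SecurityRules = SecurityRules()

  // Stricter defaults from SecurityRules.secure, with both enforce flags set
  // explicitly so dev mode behaves like every other run mode, and logging
  // kept on so violations are still reported.
  val strict: SecurityRules = SecurityRules.secure.copy(
    enforceInDevMode = true,
    enforceInOtherModes = true,
    logInDevMode = true,
    logInOtherModes = true
  )

  // Headers present in `candidate` that `baseline` does not emit with the
  // same name and value. Useful for reviewing a rules change before deploy.
  def addedHeaders(baseline: SecurityRules,
                   candidate: SecurityRules): List[(String, String)] =
    candidate.headers.filterNot(baseline.headers.contains)

  // Call once during application boot (hypothetical helper).
  def install(): Unit = {
    addedHeaders(defaults, strict).foreach { case (name, value) =>
      println(s"added or changed: $name: $value")
    }
    // Assumed hook, not shown on this page.
    LiftRules.securityRules = () => strict
  }
}
```

Enforcing in dev mode surfaces inline scripts or third-party assets that the policy blocks while they are still cheap to fix, rather than only as log entries.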
Instance Constructors
- new SecurityRules(https: Option[HttpsRules] = None, content: Option[ContentSecurityPolicy] = Some(ContentSecurityPolicy()), frameRestrictions: Option[FrameRestrictions] = Some(FrameRestrictions.SameOrigin), enforceInOtherModes: Boolean = false, logInOtherModes: Boolean = true, enforceInDevMode: Boolean = false, logInDevMode: Boolean = true)
Value Members
- final def !=(arg0: Any): Boolean
  Definition Classes: AnyRef → Any
- final def ##(): Int
  Definition Classes: AnyRef → Any
- final def ==(arg0: Any): Boolean
  Definition Classes: AnyRef → Any
- final def asInstanceOf[T0]: T0
  Definition Classes: Any
- def clone(): AnyRef
  Attributes: protected[java.lang]
  Definition Classes: AnyRef
  Annotations: @throws( ... )
- val content: Option[ContentSecurityPolicy]
- val enforceInDevMode: Boolean
- val enforceInOtherModes: Boolean
- final def eq(arg0: AnyRef): Boolean
  Definition Classes: AnyRef
- def finalize(): Unit
  Attributes: protected[java.lang]
  Definition Classes: AnyRef
  Annotations: @throws( classOf[java.lang.Throwable] )
- val frameRestrictions: Option[FrameRestrictions]
- final def getClass(): Class[_]
  Definition Classes: AnyRef → Any
- lazy val headers: List[(String, String)]
  Returns the headers implied by this set of security rules.
- val https: Option[HttpsRules]
- final def isInstanceOf[T0]: Boolean
  Definition Classes: Any
- val logInDevMode: Boolean
- val logInOtherModes: Boolean
- final def ne(arg0: AnyRef): Boolean
  Definition Classes: AnyRef
- final def notify(): Unit
  Definition Classes: AnyRef
- final def notifyAll(): Unit
  Definition Classes: AnyRef
- final def synchronized[T0](arg0: ⇒ T0): T0
  Definition Classes: AnyRef
- final def wait(): Unit
  Definition Classes: AnyRef
  Annotations: @throws( ... )
- final def wait(arg0: Long, arg1: Int): Unit
  Definition Classes: AnyRef
  Annotations: @throws( ... )
- final def wait(arg0: Long): Unit
  Definition Classes: AnyRef
  Annotations: @throws( ... )