io.vertx.ext.web.handler

Interface XFrameHandler

All Superinterfaces:

Handler<RoutingContext>

public interface XFrameHandler
extends Handler<RoutingContext>

The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe>, <embed> or <object>. Sites can use this to avoid click-jacking attacks, by ensuring that their content is not embedded into other sites. The added security is provided only if the user accessing the document is using a browser that supports X-Frame-Options.

Author:

Paulo Lopes

Field Summary

Fields

Modifier and Type	Field and Description
static String	DENY The page cannot be displayed in a frame, regardless of the site attempting to do so.
static String	SAMEORIGIN The page can only be displayed in a frame on the same origin as the page itself.

Method Summary

Modifier and Type	Method and Description
static XFrameHandler	create(String action) Creates a new handler that will add the X-FRAME-OPTIONS header to the current response.

Methods inherited from interface io.vertx.core.Handler

handle

Field Detail

DENY

static final String DENY

The page cannot be displayed in a frame, regardless of the site attempting to do so.

See Also:

Constant Field Values

SAMEORIGIN

static final String SAMEORIGIN

The page can only be displayed in a frame on the same origin as the page itself. The spec leaves it up to browser vendors to decide whether this option applies to the top level, the parent, or the whole chain, although it is argued that the option is not very useful unless all ancestors are also in the same origin.

See Also:

Constant Field Values

Method Detail

create

static XFrameHandler create(String action)

Creates a new handler that will add the X-FRAME-OPTIONS header to the current response.

Parameters:

action - a string value either DENY or SAMEORIGIN.

Returns:

the handler