final case class SecurityRules(https: Option[HttpsRules] = None, content: Option[ContentSecurityPolicy] = Some(ContentSecurityPolicy()), frameRestrictions: Option[FrameRestrictions] = Some(FrameRestrictions.SameOrigin), enforceInOtherModes: Boolean = false, logInOtherModes: Boolean = true, enforceInDevMode: Boolean = false, logInDevMode: Boolean = true) extends Product with Serializable
Specifies security rules for a Lift application. By default, HTTPS is not
required and Content-Security-Policy is restricted to the current domain
for everything except images, which are accepted from any domain.
Additionally, served pages can only be embedded in other frames from
the current domain.
You can use SecurityRules.secure to enable more restrictive, but
also more secure, defaults.
- enforceInDevMode
If true, security policies and HTTPS rules are enforced in dev mode in addition to staging/pilot/production/etc.
- logInDevMode
If true, dev mode violations of security policies are logged by default. Note that if you override LiftRules.contentSecurityPolicyViolationReport or otherwise change the default Lift policy violation handling behavior, it will be up to you to handle this property as desired.
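An added example, not part of the Lift documentation: it builds the default rules, the SecurityRules.secure preset and a variant that keeps the default policies but enforces them outside dev mode, then lists which response headers change. The object and method names are hypothetical; LiftRules.securityRules as the installation hook and Props.devMode are assumptions that this page does not show.

```scala
import net.liftweb.http.{LiftRules, SecurityRules}
import net.liftweb.util.Props

object SecurityRulesExample {
  // Defaults from the signature above: HTTPS not required, default
  // ContentSecurityPolicy, same-origin framing, enforcement off in every
  // run mode, violations logged.
  val defaults: SecurityRules = SecurityRules()

  // The stricter preset named on this page.
  val strict: SecurityRules = SecurityRules.secure

  // Same policies as the defaults, but enforced in staging/pilot/production.
  // Dev mode is left as log-only so violations show up without breaking pages.
  val enforcedOutsideDev: SecurityRules =
    defaults.copy(enforceInOtherModes = true)

  // Headers that `candidate` sends and `baseline` does not (new header or
  // changed value). `headers` is the member documented on this page.
  def headerDiff(baseline: SecurityRules,
                 candidate: SecurityRules): List[(String, String)] =
    candidate.headers.filterNot(h => baseline.headers.contains(h))

  // Fail fast at boot if a non-dev deployment would run without enforcement.
  // Assumption: Props.devMode reports whether the app runs in dev mode.
  def requireEnforced(rules: SecurityRules): SecurityRules = {
    require(Props.devMode || rules.enforceInOtherModes,
      "SecurityRules are not enforced outside dev mode")
    rules
  }

  // Call from Boot.boot before the application starts serving requests.
  // Assumption: LiftRules.securityRules is the hook holding the active rules.
  def install(): Unit = {
    val rules = requireEnforced(enforcedOutsideDev)
    headerDiff(defaults, rules).foreach { case (name, value) =>
      println(s"changed vs. defaults: $name: $value")
    }
    LiftRules.securityRules = () => rules
  }
}
```

Calling headerDiff(defaults, strict) in the same way shows what the secure preset adds on top of the defaults for the current run mode.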
Instance Constructors
- new SecurityRules(https: Option[HttpsRules] = None, content: Option[ContentSecurityPolicy] = Some(ContentSecurityPolicy()), frameRestrictions: Option[FrameRestrictions] = Some(FrameRestrictions.SameOrigin), enforceInOtherModes: Boolean = false, logInOtherModes: Boolean = true, enforceInDevMode: Boolean = false, logInDevMode: Boolean = true)
Value Members
- final def !=(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
- final def ##: Int
- Definition Classes
- AnyRef → Any
- final def ==(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
- final def asInstanceOf[T0]: T0
- Definition Classes
- Any
- def clone(): AnyRef
- Attributes
- protected[lang]
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.CloneNotSupportedException]) @native()
- val content: Option[ContentSecurityPolicy]
- val enforceInDevMode: Boolean
- val enforceInOtherModes: Boolean
- final def eq(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
- def finalize(): Unit
- Attributes
- protected[lang]
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.Throwable])
- val frameRestrictions: Option[FrameRestrictions]
- final def getClass(): Class[_ <: AnyRef]
- Definition Classes
- AnyRef → Any
- Annotations
- @native()
- lazy val headers: List[(String, String)]
Returns the headers implied by this set of security rules.
- val https: Option[HttpsRules]
- final def isInstanceOf[T0]: Boolean
- Definition Classes
- Any
- val logInDevMode: Boolean
- val logInOtherModes: Boolean
- final def ne(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
- final def notify(): Unit
- Definition Classes
- AnyRef
- Annotations
- @native()
- final def notifyAll(): Unit
- Definition Classes
- AnyRef
- Annotations
- @native()
- def productElementNames: Iterator[String]
- Definition Classes
- Product
- final def synchronized[T0](arg0: => T0): T0
- Definition Classes
- AnyRef
- final def wait(): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException])
- final def wait(arg0: Long, arg1: Int): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException])
- final def wait(arg0: Long): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException]) @native()