Bon*_*cía 2 java spring spring-security spring-test http-headers
我使用以下配置代码使用 Spring Security 进行自动化测试:
@TestConfiguration
public static class SecurityConfiguration {
@Bean
public SecurityFilterChain filterChain(HttpSecurity http)
throws Exception {
http.headers().xssProtection().and()
.contentSecurityPolicy("default-src 'self'");
return http.build();
}
}
最近,我收到几个警告,因为这些方法被标记为已弃用:
The method xssProtection() from the type HeadersConfigurer<HttpSecurity> has been deprecated since version 6.1 and marked for removal
The method headers() from the type HttpSecurity has been deprecated since version 6.1 and marked for removal
The method contentSecurityPolicy(String) from the type HeadersConfigurer<HttpSecurity> has been deprecated since version 6.1 and marked for removal
The method and() from the type HeadersConfigurer<HttpSecurity>.XXssConfig has been deprecated since version 6.1 and marked for removal
有人知道如何使用新的配置器/定制器 API 进行相同的配置吗?
就像是...
public SecurityFilterChain filterChain(HttpSecurity http) {
http.headers(headers ->
headers.xssProtection(
xss -> xss.headerValue(XXssProtectionHeaderWriter.HeaderValue.ENABLED_MODE_BLOCK)
).contentSecurityPolicy(
cps -> cps.policyDirectives("script-src 'self' .....")
));
return http.build();
}
参考:文档利用标头
| 归档时间: |
|
| 查看次数: |
3985 次 |
| 最近记录: |