I am using the following configuration code for an automated test using Spring Security:

    @TestConfiguration
    public static class SecurityConfiguration {
        @Bean
        public SecurityFilterChain filterChain(HttpSecurity http)
                throws Exception {
            http.headers().xssProtection().and()
                .contentSecurityPolicy("default-src 'self'");
            return http.build();
        }
    }

Recently, I'm getting several warnings because these methods are marked as deprecated:
The method xssProtection() from the type HeadersConfigurer<HttpSecurity> has been deprecated since version 6.1 and marked for removal
The method headers() from the type HttpSecurity has been deprecated since version 6.1 and marked for removal
The method contentSecurityPolicy(String) from the type HeadersConfigurer<HttpSecurity> has been deprecated since version 6.1 and marked for removal
The method and() from the type HeadersConfigurer<HttpSecurity>.XXssConfig has been deprecated since version 6.1 and marked for removal
Does anybody know how to make the same configuration using the new configurer/customizer API?
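Something like...

    // needs: import org.springframework.security.web.header.writers.XXssProtectionHeaderWriter;
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        // Lambda DSL: each header is configured through its own customizer
        http.headers(headers ->
            headers.xssProtection(
                xss -> xss.headerValue(XXssProtectionHeaderWriter.HeaderValue.ENABLED_MODE_BLOCK)
            ).contentSecurityPolicy(
                cps -> cps.policyDirectives("script-src 'self' .....")
            ));
        return http.build();
    }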
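
To confirm that a migrated configuration still emits the intended headers, a MockMvc test can assert on the response. This is an added example, not code from the question or the answer. It assumes Spring Boot 3.x with spring-security-test on the test classpath and a @SpringBootApplication class in a parent package; the class name SecurityHeadersTest is hypothetical, and the policy string is the one from the question.

```java
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.context.TestConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.header.writers.XXssProtectionHeaderWriter.HeaderValue;
import org.springframework.test.web.servlet.MockMvc;

import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;

@SpringBootTest
@AutoConfigureMockMvc
class SecurityHeadersTest { // hypothetical test class name

    @TestConfiguration
    static class SecurityConfiguration {
        @Bean
        SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
            // Spring Security 6 writes "X-XSS-Protection: 0" by default,
            // so the blocking mode is requested explicitly here.
            http.headers(headers -> headers
                .xssProtection(xss -> xss.headerValue(HeaderValue.ENABLED_MODE_BLOCK))
                .contentSecurityPolicy(csp -> csp.policyDirectives("default-src 'self'")));
            return http.build();
        }
    }

    @Autowired
    MockMvc mockMvc;

    @Test
    void securityHeadersAreWritten() throws Exception {
        // Any path works: the header filter runs even when no handler matches.
        mockMvc.perform(get("/"))
            .andExpect(header().string("Content-Security-Policy", "default-src 'self'"))
            .andExpect(header().string("X-XSS-Protection", "1; mode=block"));
    }
}
```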