Fix method chaining for ContentSecurityPolicySpec

ziqin · ziqin · commit 8320c76c1890 · 2026-01-15T02:26:37.000+08:00
Signed-off-by: Ziqin Wang &lt;ziqin@wangziqin.net&gt;
diff --git a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
@@ -2830,7 +2830,7 @@ public HeaderSpec headerValue(XXssProtectionServerHttpHeadersWriter.HeaderValue
 		 * Configures {@code Content-Security-Policy} response header.
 		 *
 		 * @since 5.1
-		 * @see #contentSecurityPolicy(String)
+		 * @see #contentSecurityPolicy(Customizer)
 		 */
 		public final class ContentSecurityPolicySpec {
 
@@ -2845,21 +2845,21 @@ private ContentSecurityPolicySpec() {
 			 * in the response. Otherwise, defaults to the {@code Content-Security-Policy}
 			 * header.
 			 * @param reportOnly whether to only report policy violations
-			 * @return the {@link HeaderSpec} to continue configuring
+			 * @return the {@link ContentSecurityPolicySpec} to continue configuring
 			 */
-			public HeaderSpec reportOnly(boolean reportOnly) {
+			public ContentSecurityPolicySpec reportOnly(boolean reportOnly) {
 				HeaderSpec.this.contentSecurityPolicy.setReportOnly(reportOnly);
-				return HeaderSpec.this;
+				return this;
 			}
 
 			/**
 			 * Sets the security policy directive(s) to be used in the response header.
 			 * @param policyDirectives the security policy directive(s)
-			 * @return the {@link HeaderSpec} to continue configuring
+			 * @return the {@link ContentSecurityPolicySpec} to continue configuring
 			 */
-			public HeaderSpec policyDirectives(String policyDirectives) {
+			public ContentSecurityPolicySpec policyDirectives(String policyDirectives) {
 				HeaderSpec.this.contentSecurityPolicy.setPolicyDirectives(policyDirectives);
-				return HeaderSpec.this;
+				return this;
 			}
 
 			private ContentSecurityPolicySpec(String policyDirectives) {
