Class HeadersConfigurer.HstsConfig
java.lang.Object
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HstsConfig
- Enclosing class:
- HeadersConfigurer<H extends HttpSecurityBuilder<H>>
-
Method Summary
Modifier and TypeMethodDescriptionand()
Allows completing configuration of Strict Transport Security and continuing configuration of headers.disable()
Disables Strict Transport SecurityincludeSubDomains
(boolean includeSubDomains) If true, subdomains should be considered HSTS Hosts too.maxAgeInSeconds
(long maxAgeInSeconds) Sets the value (in seconds) for the max-age directive of the Strict-Transport-Security header.preload
(boolean preload) If true, preload will be included in HSTS Header.requestMatcher
(RequestMatcher requestMatcher) Sets theRequestMatcher
used to determine if the "Strict-Transport-Security" should be added.
-
Method Details
-
maxAgeInSeconds
Sets the value (in seconds) for the max-age directive of the Strict-Transport-Security header. The default is one year.
This instructs browsers how long to remember to keep this domain as a known HSTS Host. See Section 6.1.1 for additional details.
- Parameters:
maxAgeInSeconds
- the maximum amount of time (in seconds) to consider this domain as a known HSTS Host.- Throws:
IllegalArgumentException
- if maxAgeInSeconds is negative
-
requestMatcher
Sets theRequestMatcher
used to determine if the "Strict-Transport-Security" should be added. If true the header is added, else the header is not added. By default the header is added whenServletRequest.isSecure()
returns true.- Parameters:
requestMatcher
- theRequestMatcher
to use.- Throws:
IllegalArgumentException
- ifRequestMatcher
is null
-
includeSubDomains
If true, subdomains should be considered HSTS Hosts too. The default is true.
See Section 6.1.2 for additional details.
- Parameters:
includeSubDomains
- true to include subdomains, else false
-
preload
If true, preload will be included in HSTS Header. The default is false.
See Website hstspreload.org for additional details.
- Parameters:
preload
- true to include preload, else false- Since:
- 5.2.0
-
disable
Disables Strict Transport Security- Returns:
- the
HeadersConfigurer
for additional configuration
-
and
Allows completing configuration of Strict Transport Security and continuing configuration of headers.- Returns:
- the
HeadersConfigurer
for additional configuration
-