public final class HeadersConfigurer.HstsConfig
extends java.lang.Object
Modifier and Type | Method and Description |
---|---|
HeadersConfigurer<H> |
and()
Allows completing configuration of Strict Transport Security and continuing
configuration of headers.
|
HeadersConfigurer<H> |
disable()
Disables Strict Transport Security
|
HeadersConfigurer.HstsConfig |
includeSubDomains(boolean includeSubDomains)
If true, subdomains should be considered HSTS Hosts too.
|
HeadersConfigurer.HstsConfig |
maxAgeInSeconds(long maxAgeInSeconds)
Sets the value (in seconds) for the max-age directive of the
Strict-Transport-Security header.
|
HeadersConfigurer.HstsConfig |
preload(boolean preload)
If true, preload will be included in HSTS Header.
|
HeadersConfigurer.HstsConfig |
requestMatcher(RequestMatcher requestMatcher)
Sets the
RequestMatcher used to determine if the
"Strict-Transport-Security" should be added. |
public HeadersConfigurer.HstsConfig maxAgeInSeconds(long maxAgeInSeconds)
Sets the value (in seconds) for the max-age directive of the Strict-Transport-Security header. The default is one year.
This instructs browsers how long to remember to keep this domain as a known HSTS Host. See Section 6.1.1 for additional details.
maxAgeInSeconds
- the maximum amount of time (in seconds) to consider this
domain as a known HSTS Host.java.lang.IllegalArgumentException
- if maxAgeInSeconds is negativepublic HeadersConfigurer.HstsConfig requestMatcher(RequestMatcher requestMatcher)
RequestMatcher
used to determine if the
"Strict-Transport-Security" should be added. If true the header is added, else
the header is not added. By default the header is added when
ServletRequest.isSecure()
returns true.requestMatcher
- the RequestMatcher
to use.java.lang.IllegalArgumentException
- if RequestMatcher
is nullpublic HeadersConfigurer.HstsConfig includeSubDomains(boolean includeSubDomains)
If true, subdomains should be considered HSTS Hosts too. The default is true.
See Section 6.1.2 for additional details.
includeSubDomains
- true to include subdomains, else falsepublic HeadersConfigurer.HstsConfig preload(boolean preload)
If true, preload will be included in HSTS Header. The default is false.
See Website hstspreload.org for additional details.
preload
- true to include preload, else falsepublic HeadersConfigurer<H> disable()
HeadersConfigurer
for additional configurationpublic HeadersConfigurer<H> and()
HeadersConfigurer
for additional configuration