Class HeadersConfigurer.HstsConfig

    • Method Detail

      • maxAgeInSeconds

        public HeadersConfigurer.HstsConfig maxAgeInSeconds​(long maxAgeInSeconds)

        Sets the value (in seconds) for the max-age directive of the Strict-Transport-Security header. The default is one year.

        This instructs browsers how long to remember to keep this domain as a known HSTS Host. See Section 6.1.1 for additional details.

        maxAgeInSeconds - the maximum amount of time (in seconds) to consider this domain as a known HSTS Host.
        java.lang.IllegalArgumentException - if maxAgeInSeconds is negative
      • requestMatcher

        public HeadersConfigurer.HstsConfig requestMatcher​(RequestMatcher requestMatcher)
        Sets the RequestMatcher used to determine if the "Strict-Transport-Security" should be added. If true the header is added, else the header is not added. By default the header is added when ServletRequest.isSecure() returns true.
        requestMatcher - the RequestMatcher to use.
        java.lang.IllegalArgumentException - if RequestMatcher is null
      • includeSubDomains

        public HeadersConfigurer.HstsConfig includeSubDomains​(boolean includeSubDomains)

        If true, subdomains should be considered HSTS Hosts too. The default is true.

        See Section 6.1.2 for additional details.

        includeSubDomains - true to include subdomains, else false
      • preload

        public HeadersConfigurer.HstsConfig preload​(boolean preload)

        If true, preload will be included in HSTS Header. The default is false.

        See Website for additional details.

        preload - true to include preload, else false
      • and

        public HeadersConfigurer<H> and()
        Allows completing configuration of Strict Transport Security and continuing configuration of headers.
        the HeadersConfigurer for additional configuration