Class ServerHttpSecurity.HeaderSpec.HstsSpec
java.lang.Object
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.HstsSpec
- Enclosing class:
- ServerHttpSecurity.HeaderSpec
Configures Strict Transport Security response header
- See Also:
-
Method Summary
Modifier and TypeMethodDescriptionand()
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0.disable()
Disables strict transport security response headerincludeSubdomains
(boolean includeSubDomains) Configures if subdomains should be included.Configures the max age.preload
(boolean preload) Configures if preload should be included.
-
Method Details
-
maxAge
Configures the max age. Default is one year.- Parameters:
maxAge
- the max age- Returns:
- the
ServerHttpSecurity.HeaderSpec.HstsSpec
to continue configuring
-
includeSubdomains
Configures if subdomains should be included. Default is true- Parameters:
includeSubDomains
- if subdomains should be included- Returns:
- the
ServerHttpSecurity.HeaderSpec.HstsSpec
to continue configuring
-
preload
Configures if preload should be included. Default is false
See Website hstspreload.org for additional details.
- Parameters:
preload
- if subdomains should be included- Returns:
- the
ServerHttpSecurity.HeaderSpec.HstsSpec
to continue configuring - Since:
- 5.2.0
-
and
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. UseServerHttpSecurity.HeaderSpec.hsts(Customizer)
insteadAllows method chaining to continue configuring theServerHttpSecurity
- Returns:
- the
ServerHttpSecurity.HeaderSpec
to continue configuring
-
disable
Disables strict transport security response header- Returns:
- the
ServerHttpSecurity.HeaderSpec
to continue configuring
-