Class ServerHttpSecurity.HeaderSpec.HstsSpec
java.lang.Object
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.HstsSpec
- Enclosing class:
- ServerHttpSecurity.HeaderSpec
Configures Strict Transport Security response header
- See Also:
-
Method Summary
Modifier and TypeMethodDescriptionand()Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0.disable()Disables strict transport security response headerincludeSubdomains(boolean includeSubDomains) Configures if subdomains should be included.Configures the max age.preload(boolean preload) Configures if preload should be included.
-
Method Details
-
maxAge
Configures the max age. Default is one year.- Parameters:
maxAge- the max age- Returns:
- the
ServerHttpSecurity.HeaderSpec.HstsSpecto continue configuring
-
includeSubdomains
Configures if subdomains should be included. Default is true- Parameters:
includeSubDomains- if subdomains should be included- Returns:
- the
ServerHttpSecurity.HeaderSpec.HstsSpecto continue configuring
-
preload
Configures if preload should be included. Default is false
See Website hstspreload.org for additional details.
- Parameters:
preload- if subdomains should be included- Returns:
- the
ServerHttpSecurity.HeaderSpec.HstsSpecto continue configuring - Since:
- 5.2.0
-
and
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. UseServerHttpSecurity.HeaderSpec.hsts(Customizer)orhsts(Customizer.withDefaults())to stick with defaults. See the documentation for more details.Allows method chaining to continue configuring theServerHttpSecurity- Returns:
- the
ServerHttpSecurity.HeaderSpecto continue configuring
-
disable
Disables strict transport security response header- Returns:
- the
ServerHttpSecurity.HeaderSpecto continue configuring
-