Skip to content

Add preload support to Strict-Transport-Security #6312

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
OArtyomov opened this issue Dec 20, 2018 · 4 comments
Closed

Add preload support to Strict-Transport-Security #6312

OArtyomov opened this issue Dec 20, 2018 · 4 comments
Assignees
@rwinch
Labels
in: web An issue in web modules (web, webmvc) type: enhancement A general enhancement
Milestone
5.2.0.M2

Comments

@OArtyomov
Copy link

Strict-Transport-Security configuration
Problem:
Response header "Strict-Transport-Security" should contain value "max-age=31536000;includeSubdomains; preload". There is no possibility to do it in class HstsConfig now. Only "max-age=31536000; includeSubdomains" supportable.
@rwinch rwinch changed the title Strict-Transport-Security configuration Add preload support to Strict-Transport-Security Dec 20, 2018
@rwinch rwinch added the status: ideal-for-contribution An issue that we actively are looking for someone to help us with label Dec 20, 2018
@rwinch
Copy link
Member

rwinch commented Dec 20, 2018

Thanks for the ticket. Would you be willing to submit a PR for this? If you need help, I'd be glad to guide you through the process

@rwinch rwinch added this to the General Backlog milestone Dec 20, 2018
@rwinch rwinch added in: web An issue in web modules (web, webmvc) type: enhancement A general enhancement labels Dec 20, 2018
@ankurpathak
Copy link
Contributor

I would like to take this one.

@rwinch
Copy link
Member

rwinch commented Dec 21, 2018

@ankurpathak Thank you the issue is yours.

@ankurpathak ankurpathak mentioned this issue Dec 21, 2018
Merged
@ankurpathak
Copy link
Contributor

Pull request for the issue:
#6321

ankurpathak added a commit to ankurpathak/spring-security that referenced this issue Jan 9, 2019
@ankurpathak
Add preload support to Strict-Transport-Security
3fcc95d 
1. Preload support in Servlet Security(XML & Java)
2. Preload support in Reactive Security
3. Test for preload support in Servlet Security
4. Test for preload support in Reactive Security

Fixes: spring-projectsgh-6312
@rwinch rwinch mentioned this issue Jan 9, 2019
Closed
rwinch pushed a commit that referenced this issue Jan 16, 2019
@ankurpathak @rwinch
Add preload support to Strict-Transport-Security
b7ed919 
1. Preload support in Servlet Security(XML & Java)
2. Preload support in Reactive Security
3. Test for preload support in Servlet Security
4. Test for preload support in Reactive Security

Fixes: gh-6312
@rwinch rwinch modified the milestones: General Backlog, 5.2.0.M2 Jan 16, 2019
@rwinch rwinch removed the status: ideal-for-contribution An issue that we actively are looking for someone to help us with label Jan 16, 2019
@rwinch rwinch self-assigned this Jan 16, 2019
@eleftherias eleftherias mentioned this issue Jul 22, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rwinch rwinch

Labels
in: web An issue in web modules (web, webmvc) type: enhancement A general enhancement
Projects
None yet
Milestone
5.2.0.M2
Development

No branches or pull requests
3 participants
@rwinch @OArtyomov @ankurpathak