
Add preload support to Strict-Transport-Security #6321


Merged
merged 1 commit into from
Jan 16, 2019
Expand Up @@ -379,6 +379,25 @@ public HstsConfig includeSubDomains(boolean includeSubDomains) {
return this;
}

/**
* <p>
* If true, preload will be included in HSTS Header. The default is false.
* </p>
*
* <p>
* See <a href="https://hstspreload.org/">Website hstspreload.org</a>
* for additional details.
* </p>
*
* @param preload true to include preload, else false
* @since 5.2.0
* @author Ankur Pathak
*/
public HstsConfig preload(boolean preload) {
writer.setPreload(preload);
return this;
}

/**
* Disables Strict Transport Security
*
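Review bot: The Javadoc on the new `HstsConfig.preload` method has no `@return` tag and does not say what emitting the directive commits a site to; it only links to hstspreload.org. I would add `@return the {@link HstsConfig} for further configuration` and one sentence noting that preload-list submission also requires `includeSubDomains` and a `max-age` of at least one year, and that removal from browser preload lists is slow. Without that, a caller can enable `preload(true)` next to `includeSubDomains(false)` and get a header the preload list will not accept. The same caveat is missing from `HstsSpec.preload` and from the `preload` XML attribute handled in `addHsts`. `@author` is also a type-level Javadoc tag and is normally not placed on a method.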
Expand Up @@ -68,6 +68,7 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
private static final String ATT_INCLUDE_SUBDOMAINS = "include-subdomains";
private static final String ATT_MAX_AGE_SECONDS = "max-age-seconds";
private static final String ATT_REQUEST_MATCHER_REF = "request-matcher-ref";
private static final String ATT_PRELOAD = "preload";
private static final String ATT_REPORT_ONLY = "report-only";
private static final String ATT_REPORT_URI = "report-uri";
private static final String ATT_ALGORITHM = "algorithm";
Expand Down Expand Up @@ -194,6 +195,14 @@ private void addHsts(boolean addIfNotPresent, Element hstsElement,
}
headersWriter.addPropertyReference("requestMatcher", requestMatcherRef);
}
String preload = hstsElement.getAttribute(ATT_PRELOAD);
if (StringUtils.hasText(preload)) {
if (disabled) {
attrNotAllowed(context, ATT_PRELOAD, ATT_DISABLED,
hstsElement);
}
headersWriter.addPropertyValue("preload", preload);
}

if (disabled == true) {
return;
Expand Up @@ -2367,6 +2367,26 @@ public HstsSpec includeSubdomains(boolean includeSubDomains) {
return this;
}

/**
* <p>
* Configures if preload should be included. Default is false
* </p>
*
* <p>
* See <a href="https://hstspreload.org/">Website hstspreload.org</a>
* for additional details.
* </p>
*
* @param preload if subdomains should be included
* @return the {@link HstsSpec} to continue configuring
* @since 5.2.0
* @author Ankur Pathak
*/
public HstsSpec preload(boolean preload) {
HeaderSpec.this.hsts.setPreload(preload);
return this;
}

/**
* Allows method chaining to continue configuring the {@link ServerHttpSecurity}
* @return the {@link HeaderSpec} to continue configuring
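Review bot: The `@param` line in the new `HstsSpec.preload` Javadoc reads `@param preload if subdomains should be included`, which looks copied from `includeSubdomains` and describes the wrong directive. It should be `@param preload true to include the preload directive, else false`, matching the wording used on `HstsConfig.preload`. The summary sentence `Default is false` is also missing its full stop.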