Allow the admin endpoint to have HSTS header

And took change note changes from @johngmyers Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
proofpoint · Mar 8, 2024 · a29155a · a29155a
1 parent cc527e0
commit a29155a
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/CHANGES b/CHANGES
@@ -1,3 +1,10 @@
+Platform 3.18
+
+* Jaxrs
+
+  - When HSTS headers are enabled (by configuring "jaxrs.hsts.max-age"), we now attach the
+    Strict-Transport-Security header to responses from admin endpoints as well.
+
 Platform 3.17
 
 * Library Upgrades

diff --git a/jaxrs/src/main/java/com/proofpoint/jaxrs/JaxrsModule.java b/jaxrs/src/main/java/com/proofpoint/jaxrs/JaxrsModule.java
@@ -106,6 +106,7 @@ public void setup(Binder binder)
         jaxrsBinder(binder).bind(LivenessResource.class);
         jaxrsBinder(binder).bind(HstsResponseFilter.class);
 
+        jaxrsBinder(binder).bindAdmin(HstsResponseFilter.class);
         jaxrsBinder(binder).bindAdmin(OpenApiResource.class);
         jaxrsBinder(binder).bindAdmin(OpenApiAdminResource.class);