SEC-2674: HSTS Documentation refers to http.hsts() instead of http.httpStrictTransportSecurity() #2895

Closed
spring-issuemaster opened this issue Jun 27, 2014 · 1 comment

@spring-issuemaster spring-issuemaster commented Jun 27, 2014

Rob Winch (Migrated from SEC-2674) said:

Hello,

I have been going through the exercise of configuring Spring Security to send HSTS headers while using Spring Boot and discovered that the documentation on the spring.io site is incorrect.

It instructs the user to call the headers().hsts() function which does not exist. After looking through the source, I see that the function is in fact called httpStrictTransportSecurity().

This is the version that was linked from the main site:
http://docs.spring.io/spring-security/site/docs/3.2.0.CI-SNAPSHOT/reference/html/headers.html#headers-hsts

I confirmed that it has not been changed in the 3.2.4 release:
http://docs.spring.io/spring-security/site/docs/3.2.4.RELEASE/reference/htmlsingle/#headers-hsts

Also, the configuration override section does not mention that the following import will be required to access the HttpSecurity class.

import org.springframework.security.config.annotation.web.builders.*;

Thanks,
Bryan
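
For reference, a Java configuration that uses the method name the report identifies, together with the import it mentions. This is an added example, not code from the issue or from the Spring Security project; the class name `HstsSecurityConfig` is hypothetical and the calls assume the Spring Security 3.2.x Java config API.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Hypothetical class name, used for illustration only.
@Configuration
@EnableWebSecurity
public class HstsSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .headers()
                // In 3.2.x, naming any header explicitly switches off the
                // implicit defaults, so the other default headers are
                // listed here to keep them enabled alongside HSTS.
                .contentTypeOptions()
                .xssProtection()
                .cacheControl()
                // The method is httpStrictTransportSecurity(), not hsts().
                // The Strict-Transport-Security header is only written on
                // responses to requests that arrived over HTTPS.
                .httpStrictTransportSecurity()
                .frameOptions();
    }
}
```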

@spring-issuemaster spring-issuemaster commented Nov 19, 2014

Rob Winch said:

Thanks for the bug report! This has been fixed in master and 3.2.x.
