Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
SEC-2674: HSTS Documentation refers to http.hsts() instead of http.httpStrictTransportSecurity() #2895
I have been going through the exercise of configuring Spring Security to send HSTS headers while using Spring Boot and discovered that the documentation on the spring.io site is incorrect.
It instructs the user to call the headers().hsts() function which does not exist. After looking through the source, I see that the function is in fact called httpStrictTransportSecurity().
This is the version that was linked from the main site:
I confirmed that it has not been changed in the 3.2.4 release:
Also, the configuration override section does not mention that the following import will be required to to access the HttpSecurity class.