gpt4 book ai didi

java - 使用 spring boot 应用程序启用 HTTP 严格传输安全 (HSTS)

转载 作者:塔克拉玛干 更新时间:2023-11-01 22:05:44 25 4
gpt4 key购买 nike

我已关注文章https://docs.spring.io/spring-security/site/docs/4.0.2.RELEASE/reference/html/headers.html#headers-hsts在我的 spring boot 应用程序上启用 HSTS header 。尽管进行了必要的更改,Strict-Transport-Security header 并未出现响应。

pom.xml(依赖项)

<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
</dependency>
</dependencies>

WebSecurityConfig.java

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

@Override
protected void configure(HttpSecurity http) throws Exception {
http
.headers()
.httpStrictTransportSecurity()
.includeSubDomains(true)
.maxAgeInSeconds(31536000);
}
}

标题列表:

cache-control →no-cache, no-store, max-age=0, must-revalidate
content-language →en-GB
content-type →text/html;charset=UTF-8
date →Thu, 24 May 2018 14:10:29 GMT
expires →0
pragma →no-cache
transfer-encoding →chunked
x-application-context →application:9000
x-content-type-options →nosniff
x-frame-options →SAMEORIGIN
x-xss-protection →1; mode=block

我错过了什么吗?

最佳答案

根据 RFC6797,HSTS header 仅注入(inject)到 HTTPS 响应中。

来源:https://docs.spring.io/spring-security/site/docs/4.0.2.RELEASE/reference/htmlsingle/#headers-hsts

关于java - 使用 spring boot 应用程序启用 HTTP 严格传输安全 (HSTS),我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/50511702/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com