
SEC-2230: Polish headers reference

Rob Winch, 12 years ago
parent
commit
988e97e366
1 file changed with 17 additions and 5 deletions

+ 17 - 5
docs/manual/src/docbook/namespace-config.xml

@@ -614,24 +614,36 @@ List&lt;OpenIDAttribute> attributes = token.getAttributes();</programlisting>The
             <para>A lot of different attacks to hijack content, sessions or connections are available and lately
                 browsers (optionally) can help to prevent those attacks. To enable these features we need to send some
                 additional headers to the client. Spring Security allows for easy configuration for several headers.
+                <progamlisting language="xml">
+                    <![CDATA[
+                            <headers/>
+                    ]]>
+                </progamlisting>
+            </para>
+            <para>Specifying the single headers element adds all the explicitly supported headers
+                with their default settings. If you only want select headers to be added,
+                you can add one or more of the child elements as shown below.
                 <progamlisting language="xml">
                     <![CDATA[
                             <headers>
                                 <!-- Add Cache-Control and Pragma headers -->
                                 <cache-control/>
-                                <!-- Adds X-XSS-Protection with value of 1 -->
-                                <xss-protection/>
-                                <!-- Add X-Frame-Options with a value of DENY -->
-                                <frame-options/>
                                 <!-- Add X-Content-Type-Options with value of nosniff -->
                                 <content-type-options/>
                                 <!-- Add custom headers -->
                                 <header name="foo" value="bar"/>
+                                <-- Adds HTTP Strict Transport Security (HSTS) for secure requests -->
+                                <hsts/>
+                                <!-- Add X-Frame-Options with a value of DENY -->
+                                <frame-options/>
+                                <!-- Adds X-XSS-Protection with value of 1; mode=block-->
+                                <xss-protection/>
                             </headers>
                     ]]>
                 </progamlisting>
             </para>
-            <para>For additional information refer to <link xlink:href="nsa-headers">headers</link> section of the Security Namespace appendix.</para>
+            <para>For additional information on how to customize the headers element refer to the <link xlink:href="nsa-headers">headers</link>
+                section of the Security Namespace appendix.</para>
         </section>
         <section xml:id="ns-custom-filters">
             <title>Adding in Your Own Filters</title>
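Review bot: the element name `<progamlisting>` used for the new `<headers/>` listing (and repeated in the surrounding context lines) is misspelled; DocBook has no such element, so the build will either reject the file or render the listing as plain text. Use `<programlisting language="xml">` ... `</programlisting>` for both listings. In the same hunk, the added comment `<-- Adds HTTP Strict Transport Security (HSTS) for secure requests -->` is missing the `!` that opens an XML comment; because it sits inside CDATA it is shown verbatim to the reader, who will hit a parse error on pasting the example into a configuration. Change it to `<!-- Adds HTTP Strict Transport Security (HSTS) for secure requests -->` to match the neighbouring `<!-- Add X-Frame-Options ... -->` comments.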