5 years ago · f26387a4b7
--- a/docs/manual/src/docs/asciidoc/_includes/reactive/exploits/http.adoc
+++ b/docs/manual/src/docs/asciidoc/_includes/reactive/exploits/http.adoc
@@ -14,7 +14,8 @@ For example, the following Java configuration will redirect any HTTP requests to
 
				 
			
 
				 .Redirect to HTTPS
			
 
				 ====
			
 
				-[source,java]
			
 
				+.Java
			
 
				+[source,java,role="primary"]
			
 
				 ----
			
 
				 @Bean
			
 
				 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
			
@@ -24,6 +25,18 @@ SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 
				 	return http.build();
			
 
				 }
			
 
				 ----
			
 
				+
			
 
				+.Kotlin
			
 
				+[source,kotlin,role="secondary"]
			
 
				+----
			
 
				+@Bean
			
 
				+fun springSecurityFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
			
 
				+    return http {
			
 
				+        // ...
			
 
				+        redirectToHttps { }
			
 
				+    }
			
 
				+}
			
 
				+----
			
 
				 ====
			
 
				 
			
 
				 The configuration can easily be wrapped around an if statement to only be turned on in production.
			
@@ -32,7 +45,8 @@ For example, if the production environment adds a header named `X-Forwarded-Prot
 
				 
			
 
				 .Redirect to HTTPS when X-Forwarded
			
 
				 ====
			
 
				-[source,java]
			
 
				+.Java
			
 
				+[source,java,role="primary"]
			
 
				 ----
			
 
				 @Bean
			
 
				 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
			
@@ -44,6 +58,22 @@ SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 
				 	return http.build();
			
 
				 }
			
 
				 ----
			
 
				+
			
 
				+.Kotlin
			
 
				+[source,kotlin,role="secondary"]
			
 
				+----
			
 
				+@Bean
			
 
				+fun springSecurityFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
			
 
				+    return http {
			
 
				+        // ...
			
 
				+        redirectToHttps {
			
 
				+            httpsRedirectWhen {
			
 
				+                it.request.headers.containsKey("X-Forwarded-Proto")
			
 
				+            }
			
 
				+        }
			
 
				+    }
			
 
				+}
			
 
				+----
			
 
				 ====
			
 
				 
			
 
				 [[webflux-hsts]]