Class HstsConfig

java.lang.Object
io.camunda.security.configuration.headers.HstsConfig

public class HstsConfig extends Object
Configures HTTP Strict Transport Security (HSTS) to enforce HTTPS connections.

HSTS instructs browsers to only connect to the server using HTTPS, preventing protocol downgrade attacks and cookie hijacking. Once a browser receives this header, it will automatically convert all HTTP requests to HTTPS for the specified duration, even if the user types http:// or follows an HTTP link.

When enabled (the default), the header value includes:
  • max-age=31536000 (1 year): how long browsers remember to force HTTPS
  • includeSubDomains: applies HSTS to all subdomains
  • preload: indicates consent for inclusion in browser preload lists

This prevents several attack vectors:
  • Man-in-the-middle attacks on the initial HTTP connection
  • SSL stripping attacks
  • Accidental exposure of session cookies over HTTP
  • Mixed content issues
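The following is an added example, not Camunda's own code: it builds the Strict-Transport-Security header value from the three settings this class exposes (max-age, includeSubDomains, preload) and runs a configuration review over them. The Settings holder is a hypothetical stand-in for HstsConfig so the example compiles on its own; how Camunda itself serializes the header is not shown on this page.

```java
import java.util.ArrayList;
import java.util.List;

// Added example (not Camunda code): Strict-Transport-Security header
// construction and a configuration review, using the same three settings
// that HstsConfig exposes through its getters.
public class HstsHeaderExample {

    // Default max-age stated in the class description: one year in seconds.
    static final long ONE_YEAR_SECONDS = 31_536_000L;

    // Hypothetical stand-in for HstsConfig, initialised with the documented defaults.
    static final class Settings {
        boolean enabled = true;
        long maxAgeInSeconds = ONE_YEAR_SECONDS;
        boolean includeSubDomains = true;
        boolean preload = true;
    }

    /** Returns the header value, or null when HSTS is disabled (no header is sent). */
    static String headerValue(Settings s) {
        if (!s.enabled) {
            return null;
        }
        List<String> directives = new ArrayList<>();
        directives.add("max-age=" + s.maxAgeInSeconds);
        if (s.includeSubDomains) {
            directives.add("includeSubDomains");
        }
        if (s.preload) {
            directives.add("preload");
        }
        return String.join("; ", directives);
    }

    /** Flags settings that weaken HSTS or make the preload directive ineffective. */
    static List<String> reviewFindings(Settings s) {
        List<String> findings = new ArrayList<>();
        if (!s.enabled) {
            findings.add("HSTS disabled: browsers will keep accepting plain-HTTP connections");
            return findings;
        }
        if (s.maxAgeInSeconds <= 0) {
            // RFC 6797: max-age=0 tells the browser to forget the host's HSTS policy.
            findings.add("max-age=0 removes the HSTS policy from browsers that already have it");
        }
        if (s.preload && s.maxAgeInSeconds < ONE_YEAR_SECONDS) {
            findings.add("preload requires max-age of at least one year (31536000 seconds)");
        }
        if (s.preload && !s.includeSubDomains) {
            findings.add("preload requires includeSubDomains; without it the preload list will reject the site");
        }
        return findings;
    }

    public static void main(String[] args) {
        // Documented defaults: all three directives are emitted.
        Settings defaults = new Settings();
        System.out.println("default : " + headerValue(defaults));

        // Constructed weakened configuration: short max-age, subdomains excluded.
        Settings weakened = new Settings();
        weakened.maxAgeInSeconds = 300;
        weakened.includeSubDomains = false;
        System.out.println("weakened: " + headerValue(weakened));
        for (String finding : reviewFindings(weakened)) {
            System.out.println("  finding: " + finding);
        }
    }
}
```

With the defaults, headerValue produces the three directives listed in the class description. The review check is the part worth keeping in a deployment pipeline: a preload directive sent with a max-age below one year or without includeSubDomains is accepted by browsers but does not satisfy the preload list's submission requirements, so the "preload" flag alone gives a false sense of coverage.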

  • Constructor Details

    • HstsConfig

      public HstsConfig()
  • Method Details

    • isEnabled

      public boolean isEnabled()
    • setEnabled

      public void setEnabled(boolean enabled)
    • isDisabled

      public boolean isDisabled()
    • getMaxAgeInSeconds

      public long getMaxAgeInSeconds()
    • setMaxAgeInSeconds

      public void setMaxAgeInSeconds(long maxAgeInSeconds)
    • isIncludeSubDomains

      public boolean isIncludeSubDomains()
    • setIncludeSubDomains

      public void setIncludeSubDomains(boolean includeSubDomains)
    • isPreload

      public boolean isPreload()
    • setPreload

      public void setPreload(boolean preload)