mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-06-01 09:42:13 +00:00
SEC-2285: Polish Security Headers Documentation
Explain why (passivity) XML Namespace doesn't enable security headers by default.
This commit is contained in:
parent
9bb283044f
commit
06a0ec1a9f
@ -26,9 +26,13 @@
|
|||||||
</listitem>
|
</listitem>
|
||||||
</itemizedlist></para>
|
</itemizedlist></para>
|
||||||
<para>While each of these headers are considered best practice, it should be noted that not all clients
|
<para>While each of these headers are considered best practice, it should be noted that not all clients
|
||||||
utilize the headers, so additional testing is encouraged. If you are using Spring Security's XML namespace support,
|
utilize the headers, so additional testing is encouraged. For passivity reasons, if you are using Spring Security's
|
||||||
you can easily add all of the default headers with the
|
XML namespace support, you must explicitly enable the security headers. All of the default headers can be easily added
|
||||||
<link linkend="nsa-headers"><headers></link> element with no child elements:</para>
|
using the <link linkend="nsa-headers"><headers></link> element with no child elements:</para>
|
||||||
|
<note>
|
||||||
|
<para><link xlink:href="https://jira.springsource.org/browse/SEC-2348">SEC-2348</link> is logged to ensure Spring
|
||||||
|
Security 4.x's XML namespace configuration will enable Security headers by default.</para>
|
||||||
|
</note>
|
||||||
<programlisting language="xml"><![CDATA[<http>
|
<programlisting language="xml"><![CDATA[<http>
|
||||||
<!-- ... -->
|
<!-- ... -->
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user