SEC-2331: Include Expires: 0 in security headers documentation

This commit is contained in:
Rob Winch 2013-09-27 16:13:40 -05:00
parent 06a0ec1a9f
commit 17efd25717
3 changed files with 4 additions and 1 deletions

View File

@ -157,6 +157,7 @@ public final class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends
* <ul>
* <li>Cache-Control: no-cache, no-store, max-age=0, must-revalidate</li>
* <li>Pragma: no-cache</li>
* <li>Expires: 0</li>
* </ul>
*
* @return the {@link HeadersConfigurer} for additional customizations

View File

@ -90,7 +90,8 @@ public class WebSecurityConfig extends
browser history to view the cached page. To help mitigate this Spring Security has added cache control support
which will insert the following headers into you response.</para>
<programlisting><![CDATA[Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache]]></programlisting>
Pragma: no-cache
Expires: 0]]></programlisting>
<para>Simply adding the <link linkend="nsa-headers">&lt;headers&gt;</link> element with no child elements will
automatically add Cache Control and quite a few other protections. However, if you only want cache control, you can
enable this feature using Spring Security's XML namespace with the

View File

@ -26,6 +26,7 @@ import org.springframework.security.web.header.Header;
* <ul>
* <li>Cache-Control: no-cache, no-store, max-age=0, must-revalidate</li>
* <li>Pragma: no-cache</li>
* <li>Expires: 0</li>
* </ul>
*
* @author Rob Winch