SEC-2331: Include Expires: 0 in xsd and appendix

config/src/main/resources/org/springframework/security/config/spring-security-3.2.rnc

@@ -746,7 +746,7 @@ hsts-options.attlist &=
     attribute request-matcher-ref { xsd:token }?
 
 cache-control =
-    ## Adds Cache-Control no-cache, no-store, must-revalidate and Pragma no-cache every URL
+    ## Adds Cache-Control no-cache, no-store, must-revalidate, Pragma no-cache, and Expires 0 for every request
     element cache-control {empty}
 
 frame-options =
@@ -818,4 +818,4 @@ position =
     ## The explicit position at which the custom-filter should be placed in the chain. Use if you are replacing a standard filter.
     attribute position {named-security-filter}
 
-named-security-filter = "FIRST" | "CHANNEL_FILTER" | "SECURITY_CONTEXT_FILTER" | "CONCURRENT_SESSION_FILTER" | "WEB_ASYNC_MANAGER_FILTER" | "HEADERS_FILTER" | "CSRF_FILTER" | "LOGOUT_FILTER" | "X509_FILTER" | "PRE_AUTH_FILTER" | "CAS_FILTER" | "FORM_LOGIN_FILTER" | "OPENID_FILTER" | "LOGIN_PAGE_FILTER" | "DIGEST_AUTH_FILTER" | "BASIC_AUTH_FILTER" | "REQUEST_CACHE_FILTER" | "SERVLET_API_SUPPORT_FILTER" | "JAAS_API_SUPPORT_FILTER" | "REMEMBER_ME_FILTER" | "ANONYMOUS_FILTER" | "SESSION_MANAGEMENT_FILTER" | "EXCEPTION_TRANSLATION_FILTER" | "FILTER_SECURITY_INTERCEPTOR" | "SWITCH_USER_FILTER" | "LAST"
+named-security-filter = "FIRST" | "CHANNEL_FILTER" | "SECURITY_CONTEXT_FILTER" | "CONCURRENT_SESSION_FILTER" | "WEB_ASYNC_MANAGER_FILTER" | "HEADERS_FILTER" | "CSRF_FILTER" | "LOGOUT_FILTER" | "X509_FILTER" | "PRE_AUTH_FILTER" | "CAS_FILTER" | "FORM_LOGIN_FILTER" | "OPENID_FILTER" | "LOGIN_PAGE_FILTER" | "DIGEST_AUTH_FILTER" | "BASIC_AUTH_FILTER" | "REQUEST_CACHE_FILTER" | "SERVLET_API_SUPPORT_FILTER" | "JAAS_API_SUPPORT_FILTER" | "REMEMBER_ME_FILTER" | "ANONYMOUS_FILTER" | "SESSION_MANAGEMENT_FILTER" | "EXCEPTION_TRANSLATION_FILTER" | "FILTER_SECURITY_INTERCEPTOR" | "SWITCH_USER_FILTER" | "LAST"

config/src/main/resources/org/springframework/security/config/spring-security-3.2.xsd

@@ -2314,7 +2314,8 @@
   </xs:attributeGroup>
   <xs:element name="cache-control">
       <xs:annotation>
-         <xs:documentation>Adds Cache-Control no-cache, no-store, must-revalidate and Pragma no-cache every URL
+         <xs:documentation>Adds Cache-Control no-cache, no-store, must-revalidate, Pragma no-cache, and Expires 0 for
+                every request
                 </xs:documentation>
       </xs:annotation>
       <xs:complexType/>

docs/manual/src/docbook/appendix-namespace.xml

@@ -265,7 +265,7 @@
                 It enables easy configuration for several headers and also allows for setting custom headers through
                 the <link linkend="nsa-header">header</link> element.
                 <itemizedlist>
-                    <listitem><literal>Cache-Control</literal> and <literal>Pragma</literal> - Can be set using the
+                    <listitem><literal>Cache-Control</literal>, <literal>Pragma</literal>, and <literal>Expires</literal> - Can be set using the
                         <link linkend="nsa-cache-control">cache-control</link> element. This ensures that the
                         browser does not cache your secured pages.</listitem>
                     <listitem><literal>Strict-Transport-Security</literal> - Can be set using the
@@ -306,8 +306,8 @@
         </section>
         <section xml:id="nsa-cache-control">
             <title><literal>&lt;cache-control&gt;</literal></title>
-            <para>Adds <literal>Cache-Control</literal> and <literal>Pragma</literal> headers to ensure that the
-                browser does not cache your secured pages.</para>
+            <para>Adds <literal>Cache-Control</literal>, <literal>Pragma</literal>, and <literal>Expires</literal>
+                headers to ensure that the browser does not cache your secured pages.</para>
             <section xml:id="nsa-cache-control-parents">
                 <title>Parent Elements of <literal>&lt;cache-control&gt;</literal></title>
                 <itemizedlist>

docs/manual/src/docbook/namespace-config.xml

@@ -642,7 +642,7 @@ List&lt;OpenIDAttribute> attributes = token.getAttributes();</programlisting>The
 <http ...>
     ...
     <headers>
-        <!-- Add Cache-Control and Pragma headers -->
+        <!-- Add Cache-Control, Pragma, and Expires headers -->
         <cache-control/>
         <!-- Add X-Content-Type-Options with value of nosniff -->
         <content-type-options/>