Merge pull request #225 from xdev-software/develop

Release

Author: AB-xdev

CHANGELOG.md

@@ -1,3 +1,6 @@
+# 1.5.1
+* Fix HSTS customization logic not working as expected
+
 # 1.5.0
 * Vaadin
   * Made the way `HttpSecurity#securityMatcher` is applied in Sidecars customizable #221

web/src/main/java/software/xdev/sse/web/hsts/DefaultHstsApplier.java

@@ -17,6 +17,8 @@
 
 import jakarta.annotation.Nullable;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.boot.web.server.Ssl;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
@@ -40,14 +42,17 @@
  */
 public class DefaultHstsApplier implements HstsApplier
 {
+	private static final Logger LOG = LoggerFactory.getLogger(DefaultHstsApplier.class);
+	
 	protected final boolean enabled;
 
 	public DefaultHstsApplier(
 		final HstsConfig config,
 		@Nullable final Ssl ssl)
 	{
-		this.enabled = !Boolean.FALSE.equals(config.isEnabled()) // true or null
+		this.enabled = Boolean.TRUE.equals(config.isEnabled())
 			|| ssl != null && ssl.isEnabled();
+		LOG.debug("HSTS enabled={}", this.enabled);
 	}
 
 	@Override