fix: enable hsts (#2565)

Signed-off-by: achmelo <[email protected]> Signed-off-by: achmelo <[email protected]>
zowe · Sep 1, 2022 · 4cffe97 · 4cffe97
1 parent 23bed56
commit 4cffe97
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/...ervice/src/main/java/org/zowe/apiml/gateway/security/config/NewSecurityConfiguration.java b/...ervice/src/main/java/org/zowe/apiml/gateway/security/config/NewSecurityConfiguration.java
@@ -620,7 +620,7 @@ protected HttpSecurity baseConfigure(HttpSecurity http) throws Exception {
         return http
             .cors()
             .and().csrf().disable()    // NOSONAR we are using SAMESITE cookie to mitigate CSRF
-            .headers().httpStrictTransportSecurity().disable()
+            .headers().httpStrictTransportSecurity().and()
             .frameOptions().disable()
             .and().exceptionHandling().authenticationEntryPoint(handlerInitializer.getBasicAuthUnauthorizedHandler())
             .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)