search

spring-projects / spring-boot

Spring Boot helps you to create Spring-powered, production-grade applications and services with absolute minimum fuss.
https://spring.io/projects/spring-boot
Apache License 2.0
75.22k stars 40.7k forks source link

Improve documentation about enforcing HTTPS #6820

Open imod opened 8 years ago

imod commented 8 years ago

Please enhance the documentation on how to properly enforce HTTPS on cloudfoundry...

[1] only describes some aspects when using tomcat behind a proxy and does not talk about enforcing HTTPS, and what about undertow and jetty?

It seems the only way to really enforce is to use a WebSecurityConfigurerAdapter and call http.requiresChannel().anyRequest().requiresSecure() - but this means I have to explicitly disable for local development.

edit: [1] http://docs.spring.io/spring-boot/docs/current/reference/html/howto-embedded-servlet-containers.html#howto-customize-tomcat-behind-a-proxy-server

wilkinsona commented 8 years ago

@lmod What was [1] intended to link to?

imod commented 8 years ago

@wilkinsona sorry! I added the link now

wilkinsona commented 5 years ago

See also #15046.