Updated docs

Author: AB-xdev

demo/webapp-vaadin/src/main/java/software/xdev/sse/demo/security/MainWebSecurity.java

@@ -52,7 +52,7 @@ protected SecurityFilterChain mainSecurityFilterChain(
 				))))
 			// Permission-Policy removed as it's not supported by browsers (besides Chrome)
 			// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy#browser_compatibility
-			.headers(c -> hstsApplier.apply(c)
+			.headers(h -> hstsApplier.apply(h)
 				.contentSecurityPolicy(p -> p.policyDirectives(cspGenerator.buildCSP()))
 				// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
 				.contentTypeOptions(Customizer.withDefaults())

vaadin/README.md

@@ -27,10 +27,12 @@ public class MainWebSecurity
         final OAuth2RefreshFilter oAuth2RefreshFilter,
         final CSPGenerator cspGenerator,
         final CookieBasedRememberRedirectOAuth2LoginProvider rememberLoginProvider,
-        final OAuth2LoginUrlStoreAdapter oAuth2LoginUrlStoreAdapter) throws Exception
+        final OAuth2LoginUrlStoreAdapter oAuth2LoginUrlStoreAdapter,
+        final HstsApplier hstsApplier)
+        throws Exception
     {
         http
-            .headers(c -> c
+            .headers(h -> hstsApplier.apply(h)
                 .contentSecurityPolicy(p -> p.policyDirectives(cspGenerator.buildCSP()))
                 .contentTypeOptions(Customizer.withDefaults())
                 .referrerPolicy(p -> p.policy(ReferrerPolicyHeaderWriter.ReferrerPolicy.SAME_ORIGIN)))