Merge pull request #227 from xdev-software/develop

Release

Author: AB-xdev

CHANGELOG.md

@@ -1,5 +1,5 @@
-# 1.5.1
-* Fix HSTS customization logic not working as expected
+# 1.5.2
+* Improve default HSTS customization logic
 
 # 1.5.0
 * Vaadin

web/src/main/java/software/xdev/sse/web/hsts/DefaultHstsApplier.java

@@ -50,11 +50,21 @@ public DefaultHstsApplier(
 		final HstsConfig config,
 		@Nullable final Ssl ssl)
 	{
-		this.enabled = Boolean.TRUE.equals(config.isEnabled())
-			|| ssl != null && ssl.isEnabled();
+		this.enabled = determineIfEnabled(config, ssl);
 		LOG.debug("HSTS enabled={}", this.enabled);
 	}
 
+	protected static boolean determineIfEnabled(
+		final HstsConfig config,
+		@Nullable final Ssl ssl)
+	{
+		if(config != null && config.isEnabled() != null)
+		{
+			return config.isEnabled();
+		}
+		return ssl != null && ssl.isEnabled();
+	}
+	
 	@Override
 	public HeadersConfigurer<HttpSecurity> apply(final HeadersConfigurer<HttpSecurity> c)
 	{