I need to enable HSTS in my Spring-boot application, after adding suggested code (helped by stackoverflow) when i make a https call I get o.apache.coyote.http11.Http11Processor : Error parsing HTTP request header
Spring-boot version 2.7.13
properties: server.ssl.enabled=true server.ssl.protocol=TLS server.ssl.enabled-protocols=TLSv1.2`
I have added in a configuration class:
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception
{
http.headers()
.httpStrictTransportSecurity()
.requestMatcher(AnyRequestMatcher.INSTANCE)
;
return http.build();
}
When I try https://localhost:8086/hello
it yields `
2023-08-09 10:45:30.408 DEBUG 19368 --- [nio-8086-exec-3] o.a.coyote.http11.Http11InputBuffer : Received [ üïs©K~8>LØÒHÙT·án%K>J¸´(ØÄ ÿDè¸N¶AÈ|âY`hdéKwô¬ý|jð ÊÊÀ+À/À,À0̨̩ÀÀ / 5 úú
3 + ) éÚU}gËXô#¸Ù5¡úZºLUá]ÿ¥ijÒ[ - ÿ Di h2 # localhost hhttp/1.1êê Ì ]
2023-08-09 10:45:30.408 DEBUG 19368 --- [nio-8086-exec-3] o.apache.coyote.http11.Http11Processor : Error parsing HTTP request header
java.lang.IllegalArgumentException: Invalid character found in method name [0x160x030x010x020x000x010x000x010xfc0x030x030xefs0xa9K~0x168>L0xd80xd2H0x0c0xd90x0c0x9aT0xb70xe1n%K>J0xb80x110x170xb40x07(0xd80xc4 ]. HTTP method names must be tokens
at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:407) ~[tomcat-embed-core-9.0.76.jar:9.0.76]
` the same http request http://localhost:8086/hello
works as expected. Note that I have no http redirection, at some point I will add
http.requiresChannel().anyRequest().requiresSecure();
as I do not want http support.