apache 强制跳转HTTPS的问题解决

访问自己本地的网站，会出现强制跳转HTTPS的问题，首先看自己的代码，确定非代码问题， 非 SPRING 引起<intercept-url pattern="/**" requires-channel="https"/>，

非APACHE 配置443的原因。

经查是因为

HSTS（HTTP Strict Transport Security）国际互联网工程组织IETE正在推行一种新的Web安全协议

HSTS的作用是强制客户端（如浏览器）使用HTTPS与服务器创建连接。

那么需要去修改 APACHE 的配置文件 ，httpd.conf, 模块为 LoadModule headers_module modules/mod_headers.so 确认已开启

增加： Header set "Strict-Transport-Security" "maxage=0;includeSubDomains"

RequestHeader Directive

Description:	Configure HTTP request headers
Syntax:	RequestHeader set|append|merge|add|unset|edit header [value] [replacement] [early|env=[!]variable]
Context:	server config, virtual host, directory, .htaccess
Override:	FileInfo
Status:	Extension
Module:	mod_headers
Compatibility:	The merge argument is available in version 2.2.9 and later. The edit argument is available in version 2.2.4 and later.

This directive can replace, merge, change or remove HTTP request headers. The header is modified just before the content handler is run, allowing incoming headers to be modified. The action it performs is determined by the first argument. This can be one of the following values:

set

The request header is set, replacing any previous header with this name

append

The request header is appended to any existing header of the same name. When a new value is merged onto an existing header it is separated from the existing header with a comma. This is the HTTP standard way of giving a header multiple values.

merge

The request header is appended to any existing header of the same name, unless the value to be appended already appears in the existing header's comma-delimited list of values. When a new value is merged onto an existing header it is separated from the existing header with a comma. This is the HTTP standard way of giving a header multiple values. Values are compared in a case sensitive manner, and after all format specifiers have been processed. Values in double quotes are considered different from otherwise identical unquoted values.  Available in version 2.2.9 and later.

add

The request header is added to the existing set of headers, even if this header already exists. This can result in two (or more) headers having the same name. This can lead to unforeseen consequences, and in general  set,  append or  merge should be used instead.

unset

The request header of this name is removed, if it exists. If there are multiple headers of the same name, all will be removed.  value must be omitted.

edit

If this request header exists, its value is transformed according to a  regular expression search-and-replace. The  value argument is a  regular expression, and the replacement is a replacement string, which may contain backreferences.  Available in version 2.2.4 and later.

This argument is followed by a header name, which can include the final colon, but it is not required. Case is ignored. For set, append, merge and add a value is given as the third argument. If a value contains spaces, it should be surrounded by double quotes. For unset, no value should be given. value may be a character string, a string containing format specifiers or a combination of both. The supported format specifiers are the same as for the Header, please have a look there for details. Foredit both a value and a replacement are required, and are a regular expression and a replacement string respectively.

The RequestHeader directive may be followed by an additional argument, which may be used to specify conditions under which the action will be taken, or may be the keyword early to specify early processing. If the environment variable specified in the env=... argument exists (or if the environment variable does not exist andenv=!... is specified) then the action specified by the RequestHeader directive will take effect. Otherwise, the directive will have no effect on the request.

Except in early mode, the RequestHeader directive is processed just before the request is run by its handler in the fixup phase. This should allow headers generated by the browser, or by Apache input filters to be overridden or modified.

RequestHeader Directive

Description:	Configure HTTP request headers
Syntax:	RequestHeader set|append|merge|add|unset|edit header [value] [replacement] [early|env=[!]variable]
Context:	server config, virtual host, directory, .htaccess
Override:	FileInfo
Status:	Extension
Module:	mod_headers
Compatibility:	The merge argument is available in version 2.2.9 and later. The edit argument is available in version 2.2.4 and later.

This directive can replace, merge, change or remove HTTP request headers. The header is modified just before the content handler is run, allowing incoming headers to be modified. The action it performs is determined by the first argument. This can be one of the following values:

set

The request header is set, replacing any previous header with this name

append

The request header is appended to any existing header of the same name. When a new value is merged onto an existing header it is separated from the existing header with a comma. This is the HTTP standard way of giving a header multiple values.

merge

The request header is appended to any existing header of the same name, unless the value to be appended already appears in the existing header's comma-delimited list of values. When a new value is merged onto an existing header it is separated from the existing header with a comma. This is the HTTP standard way of giving a header multiple values. Values are compared in a case sensitive manner, and after all format specifiers have been processed. Values in double quotes are considered different from otherwise identical unquoted values.  Available in version 2.2.9 and later.

add

The request header is added to the existing set of headers, even if this header already exists. This can result in two (or more) headers having the same name. This can lead to unforeseen consequences, and in general  set,  append or  merge should be used instead.

unset

The request header of this name is removed, if it exists. If there are multiple headers of the same name, all will be removed.  value must be omitted.

edit

If this request header exists, its value is transformed according to a  regular expression search-and-replace. The  value argument is a  regular expression, and the replacement is a replacement string, which may contain backreferences.  Available in version 2.2.4 and later.

This argument is followed by a header name, which can include the final colon, but it is not required. Case is ignored. For set, append, merge and add a value is given as the third argument. If a value contains spaces, it should be surrounded by double quotes. For unset, no value should be given. value may be a character string, a string containing format specifiers or a combination of both. The supported format specifiers are the same as for the Header, please have a look there for details. Foredit both a value and a replacement are required, and are a regular expression and a replacement string respectively.

The RequestHeader directive may be followed by an additional argument, which may be used to specify conditions under which the action will be taken, or may be the keyword early to specify early processing. If the environment variable specified in the env=... argument exists (or if the environment variable does not exist andenv=!... is specified) then the action specified by the RequestHeader directive will take effect. Otherwise, the directive will have no effect on the request.

Except in early mode, the RequestHeader directive is processed just before the request is run by its handler in the fixup phase. This should allow headers generated by the browser, or by Apache input filters to be overridden or modified.