Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Cross-Origin-Resource-Policy security header #10118

Closed
marcusdacoregio opened this issue Jul 19, 2021 · 1 comment
Closed

Add Cross-Origin-Resource-Policy security header #10118

marcusdacoregio opened this issue Jul 19, 2021 · 1 comment
Assignees
@marcusdacoregio
Labels
in: config An issue in spring-security-config type: enhancement A general enhancement
Milestone
5.7.0-M1

Comments

@marcusdacoregio
Copy link
Contributor

Related #9385

Expected Behavior

Allow to add Cross-Origin-Resource-Policy header via dsl and xml.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Cross-Origin_Resource_Policy_(CORP)

Current Behavior

Currently those headers can only be provided via custom headers.

Context
When Cross-Origin-Embedder-Policy is set to require-corp, and if a cross origin resource supports CORS, the crossorigin attribute or the Cross-Origin-Resource-Policy header must be used to load it without being blocked by COEP.
So when adding the support for Cross-Origin-Embedder-Policy we should also add support for Cross-Origin-Resource-Policy via dsl and xml.
@marcusdacoregio marcusdacoregio added in: config An issue in spring-security-config type: enhancement A general enhancement labels Jul 19, 2021
@marcusdacoregio marcusdacoregio self-assigned this Jul 19, 2021
@marcusdacoregio marcusdacoregio mentioned this issue Jul 27, 2021
Merged
marcusdacoregio added a commit to marcusdacoregio/spring-security that referenced this issue Dec 7, 2021
@marcusdacoregio
Add Cross Origin Policies headers
aa3ee9d 
Add DSL support for Cross-Origin-Opener-Policy, Cross-Origin-Embedder-Policy and Cross-Origin-Resource-Policy headers

Closes spring-projectsgh-9385, spring-projectsgh-10118
eleftherias pushed a commit that referenced this issue Dec 7, 2021
@marcusdacoregio @eleftherias
Add Cross Origin Policies headers
65426a4 
Add DSL support for Cross-Origin-Opener-Policy, Cross-Origin-Embedder-Policy and Cross-Origin-Resource-Policy headers

Closes gh-9385, gh-10118
@eleftherias
Copy link
Contributor

Closed via #10141

@eleftherias eleftherias added this to the 5.7.0-M1 milestone Dec 7, 2021
eleftherias pushed a commit that referenced this issue Dec 8, 2021
@marcusdacoregio @eleftherias
Add Cross Origin Policies headers
0beb725 
Add DSL support for Cross-Origin-Opener-Policy, Cross-Origin-Embedder-Policy and Cross-Origin-Resource-Policy headers

Closes gh-9385, gh-10118
eleftherias added a commit that referenced this issue Dec 8, 2021
@eleftherias
Correct imports to jakarta
c68a75b 
Issue gh-9385, gh-10118
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@marcusdacoregio marcusdacoregio

Labels
in: config An issue in spring-security-config type: enhancement A general enhancement
Projects
None yet
Milestone
5.7.0-M1
Development

No branches or pull requests
2 participants
@eleftherias @marcusdacoregio