Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-04 09:42:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add permissionsPolicyHeader

Browse Source 
This method is a replacement of `permissionsPolicy(Customizer)` that returns its own configurer instead of `HeadersConfigurer`.

Closes gh-14803
This commit is contained in:
Marcus Hert Da Coregio 2024-07-29 09:26:42 -03:00
parent 27cc06bbdf
commit 98af8d1123
1 changed files with 27 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2023 the original author or authors. * Copyright 2002-2024 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -584,7 +584,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
* </ul> * </ul>
* @return the {@link PermissionsPolicyConfig} for additional configuration * @return the {@link PermissionsPolicyConfig} for additional configuration
* @since 5.5 * @since 5.5
* @deprecated For removal in 7.0. Use {@link #permissionsPolicy(Customizer)} or * @deprecated For removal in 7.0. Use {@link #permissionsPolicyHeader(Customizer)} or
* {@code permissionsPolicy(Customizer.withDefaults())} to stick with defaults. See * {@code permissionsPolicy(Customizer.withDefaults())} to stick with defaults. See
* the <a href= * the <a href=
* "https://docs.spring.io/spring-security/reference/migration-7/configuration.html#_use_the_lambda_dsl">documentation</a> * "https://docs.spring.io/spring-security/reference/migration-7/configuration.html#_use_the_lambda_dsl">documentation</a>
@ -611,13 +611,38 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
* @throws IllegalArgumentException if policyDirectives is {@code null} or empty * @throws IllegalArgumentException if policyDirectives is {@code null} or empty
* @since 5.5 * @since 5.5
* @see PermissionsPolicyHeaderWriter * @see PermissionsPolicyHeaderWriter
* @deprecated For removal in 7.0. Use {@link #permissionsPolicyHeader(Customizer)}
* instead
*/ */
@Deprecated(since = "6.4", forRemoval = true)
public PermissionsPolicyConfig permissionsPolicy(Customizer<PermissionsPolicyConfig> permissionsPolicyCustomizer) { public PermissionsPolicyConfig permissionsPolicy(Customizer<PermissionsPolicyConfig> permissionsPolicyCustomizer) {
this.permissionsPolicy.writer = new PermissionsPolicyHeaderWriter(); this.permissionsPolicy.writer = new PermissionsPolicyHeaderWriter();
permissionsPolicyCustomizer.customize(this.permissionsPolicy); permissionsPolicyCustomizer.customize(this.permissionsPolicy);
return this.permissionsPolicy; return this.permissionsPolicy;
} }
/**
* Allows configuration for
* <a href="https://w3c.github.io/webappsec-permissions-policy/"> Permissions
* Policy</a>.
* <p>
* Calling this method automatically enables (includes) the {@code Permissions-Policy}
* header in the response using the supplied policy directive(s).
* <p>
* Configuration is provided to the {@link PermissionsPolicyHeaderWriter} which is
* responsible for writing the header.
* @return the {@link PermissionsPolicyConfig} for additional configuration
* @throws IllegalArgumentException if policyDirectives is {@code null} or empty
* @since 6.4
* @see PermissionsPolicyHeaderWriter
*/
public HeadersConfigurer<H> permissionsPolicyHeader(
Customizer<PermissionsPolicyConfig> permissionsPolicyCustomizer) {
this.permissionsPolicy.writer = new PermissionsPolicyHeaderWriter();
permissionsPolicyCustomizer.customize(this.permissionsPolicy);
return this;
}
/** /**
* Allows configuration for <a href= * Allows configuration for <a href=
* "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Opener-Policy"> * "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Opener-Policy">