Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-24 13:02:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add Support Credentialless COEP Header

Browse Source 
Closes gh-16991

Signed-off-by: Max Batischev <mblancer@mail.ru>
This commit is contained in:
Max Batischev 2025-05-13 16:00:59 +03:00 committed by Josh Cummings
parent 9ba5c7b2ce
commit f4b8e2421a
4 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
config/src/main/resources/org/springframework/security/config/spring-security-7.0.rnc
View File

@ -1308,7 +1308,7 @@ cross-origin-embedder-policy =
element cross-origin-embedder-policy {cross-origin-embedder-policy-options.attlist,empty}
cross-origin-embedder-policy-options.attlist &=
## The policies for the Cross-Origin-Embedder-Policy header.
attribute policy {"unsafe-none","require-corp"}?
attribute policy {"unsafe-none","require-corp", "credentialless"}?
cross-origin-resource-policy =
## Adds support for Cross-Origin-Resource-Policy header

1
config/src/main/resources/org/springframework/security/config/spring-security-7.0.xsd
View File

@ -3668,6 +3668,7 @@
<xs:restriction base="xs:token">
<xs:enumeration value="unsafe-none"/>
<xs:enumeration value="require-corp"/>
<xs:enumeration value="credentialless"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>

6
web/src/main/java/org/springframework/security/web/header/writers/CrossOriginEmbedderPolicyHeaderWriter.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2021 the original author or authors.
* Copyright 2002-2025 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -58,7 +58,9 @@ public final class CrossOriginEmbedderPolicyHeaderWriter implements HeaderWriter
UNSAFE_NONE("unsafe-none"),
REQUIRE_CORP("require-corp");
REQUIRE_CORP("require-corp"),
CREDENTIALLESS("credentialless");
private final String policy;

6
web/src/main/java/org/springframework/security/web/server/header/CrossOriginEmbedderPolicyServerHttpHeadersWriter.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2021 the original author or authors.
* Copyright 2002-2025 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -61,7 +61,9 @@ public final class CrossOriginEmbedderPolicyServerHttpHeadersWriter implements S
UNSAFE_NONE("unsafe-none"),
REQUIRE_CORP("require-corp");
REQUIRE_CORP("require-corp"),
CREDENTIALLESS("credentialless");
private final String policy;