Skip to content

Add "credentialless" to CrossOriginEmbedderPolicy enum #16991

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
pgeyman opened this issue Apr 24, 2025 · 2 comments · May be fixed by #17027
Closed

Add "credentialless" to CrossOriginEmbedderPolicy enum #16991

pgeyman opened this issue Apr 24, 2025 · 2 comments · May be fixed by #17027
Assignees
@jzheaux
Labels
in: web An issue in web modules (web, webmvc) status: duplicate A duplicate of another issue type: enhancement A general enhancement

Comments

@pgeyman
Copy link

pgeyman commented Apr 24, 2025

The Cross-Origin-Embedder-Policy header now supports the additional value credentialless (https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Embedder-Policy#credentialless), but the Spring Security enum CrossOriginEmbedderPolicy does not have this value, so it is not possible to configure via DSL.

The CrossOriginEmbedderPolicy should have the additional value for credentialless so it is configurable via DSL.

Currently this enum value does not exist, so we have to add custom code to add this Cross-Origin-Embedder-Policy: credentialless header, rather than using the DSL.
@pgeyman pgeyman added status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement labels Apr 24, 2025
@jzheaux
Copy link
Contributor

jzheaux commented Apr 28, 2025

Thanks, @pgeyman, for the suggestion. Are you able to open a PR to add it?

@jzheaux jzheaux added in: web An issue in web modules (web, webmvc) and removed status: waiting-for-triage An issue we've not yet triaged labels Apr 28, 2025
franticticktick added a commit to franticticktick/spring-security that referenced this issue May 1, 2025
@franticticktick
Add Support Credentialless COEP Header
abca162 
Closes spring-projectsgh-16991

Signed-off-by: Max Batischev <mblancer@mail.ru>
@franticticktick franticticktick mentioned this issue May 1, 2025
Open
franticticktick added a commit to franticticktick/spring-security that referenced this issue May 1, 2025
@franticticktick
Add Support Credentialless COEP Header
487c99d 
Closes spring-projectsgh-16991

Signed-off-by: Max Batischev <mblancer@mail.ru>
@jzheaux jzheaux self-assigned this May 1, 2025
@jzheaux
Copy link
Contributor

jzheaux commented May 1, 2025

Closed in favor of #17027

@jzheaux jzheaux closed this as completed May 1, 2025
@jzheaux jzheaux added the status: duplicate A duplicate of another issue label May 1, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jzheaux jzheaux

Labels
in: web An issue in web modules (web, webmvc) status: duplicate A duplicate of another issue type: enhancement A general enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add Support Credentialless COEP Header franticticktick/spring-security
2 participants
@jzheaux @pgeyman