Skip to content

Add Cross-Origin-Resource-Policy security header #10118

New issue
New issue
Closed
Closed
Add Cross-Origin-Resource-Policy security header#10118
Assignees
marcusdacoregio
Labels
in: configAn issue in spring-security-configtype: enhancementA general enhancement
Milestone
5.7.0-M1
@marcusdacoregio

Description

@marcusdacoregio
marcusdacoregio
opened on Jul 19, 2021

Related #9385

Expected Behavior

Allow to add Cross-Origin-Resource-Policy header via dsl and xml.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Cross-Origin_Resource_Policy_(CORP)

Current Behavior

Currently those headers can only be provided via custom headers.

Context
When Cross-Origin-Embedder-Policy is set to require-corp, and if a cross origin resource supports CORS, the crossorigin attribute or the Cross-Origin-Resource-Policy header must be used to load it without being blocked by COEP.
So when adding the support for Cross-Origin-Embedder-Policy we should also add support for Cross-Origin-Resource-Policy via dsl and xml.

Metadata

Metadata

Assignees

Labels

in: configAn issue in spring-security-configtype: enhancementA general enhancement

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions