Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add permissionsPolicy header in HeadersConfigurers #9262

Closed
kris2kris opened this issue Dec 4, 2020 · 4 comments
Closed

Add permissionsPolicy header in HeadersConfigurers #9262

kris2kris opened this issue Dec 4, 2020 · 4 comments
Assignees
@eleftherias @kris2kris
Labels
in: web An issue in web modules (web, webmvc) status: ideal-for-contribution An issue that we actively are looking for someone to help us with type: enhancement A general enhancement
Milestone
5.5.0-M2

Comments

@kris2kris
Copy link
Contributor

Hello,

The http header Feature-Policy has been renamed to Permissions-Policy (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy).
HeadersConfigurers must be changed to add the correct header.

Kind regards
Chris
@kris2kris kris2kris added status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement labels Dec 4, 2020
@eleftherias eleftherias added in: web An issue in web modules (web, webmvc) and removed status: waiting-for-triage An issue we've not yet triaged labels Dec 4, 2020
@eleftherias
Copy link
Contributor

Thanks @kris2kris.

Instead of replacing feature-policy, we should allow both feature-policy and permissions-policy for backwards compatibility.

Are you interested in creating a pull request to add the feature-policy header to the configurer?

@eleftherias eleftherias added the status: ideal-for-contribution An issue that we actively are looking for someone to help us with label Dec 4, 2020
@eleftherias eleftherias changed the title Replace featurePolicy by permissionsPolicy in HeadersConfigurers Add permissionsPolicy header in HeadersConfigurers Dec 4, 2020
@kris2kris
Copy link
Contributor Author

kris2kris commented Dec 4, 2020
edited

Hi @eleftherias

I was not sure between replace or add because it could be a security problem if people are not aware that their headers are not correct... but I'm ok to not remove feature-policy
I will make a pull request when I can, probably this weekend

@eleftherias
Copy link
Contributor

Thanks @kris2kris!

We can deprecate feature-policy and add a warning to let users know that they should use permissions-policy instead.

Feel free to reach out if you have any questions.

@kris2kris kris2kris mentioned this issue Dec 5, 2020
Merged
@eleftherias eleftherias added this to the 5.5.0-M2 milestone Dec 11, 2020
@eleftherias
Copy link
Contributor

Closed via #9265

jzheaux added a commit that referenced this issue Apr 29, 2021
@jzheaux
Update permission-policy Docs
fc6fa79 
Issue gh-9262
eleftherias added a commit that referenced this issue May 19, 2021
@eleftherias
Deprecate feature-policy where not already deprecated
fa77f4c 
Issue gh-9262
@vpavic vpavic mentioned this issue Jun 25, 2021
Closed
akohli96 pushed a commit to akohli96/spring-security that referenced this issue Aug 25, 2021
@jzheaux
Update permission-policy Docs
258ccdc 
Issue spring-projectsgh-9262
akohli96 pushed a commit to akohli96/spring-security that referenced this issue Aug 25, 2021
@eleftherias
Deprecate feature-policy where not already deprecated
526ae79 
Issue spring-projectsgh-9262
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@eleftherias eleftherias

@kris2kris kris2kris

Labels
in: web An issue in web modules (web, webmvc) status: ideal-for-contribution An issue that we actively are looking for someone to help us with type: enhancement A general enhancement
Projects
None yet
Milestone
5.5.0-M2
Development

No branches or pull requests
2 participants
@eleftherias @kris2kris