From 98af8d11238128d0c98bd2fe647af8860e6f9399 Mon Sep 17 00:00:00 2001 From: Marcus Hert Da Coregio Date: Mon, 29 Jul 2024 09:26:42 -0300 Subject: [PATCH] Add permissionsPolicyHeader This method is a replacement of `permissionsPolicy(Customizer)` that returns its own configurer instead of `HeadersConfigurer`. Closes gh-14803 --- .../web/configurers/HeadersConfigurer.java | 29 +++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java index 8707948579..ac9d151dd7 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2023 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -584,7 +584,7 @@ public class HeadersConfigurer> * * @return the {@link PermissionsPolicyConfig} for additional configuration * @since 5.5 - * @deprecated For removal in 7.0. Use {@link #permissionsPolicy(Customizer)} or + * @deprecated For removal in 7.0. Use {@link #permissionsPolicyHeader(Customizer)} or * {@code permissionsPolicy(Customizer.withDefaults())} to stick with defaults. See * the documentation @@ -611,13 +611,38 @@ public class HeadersConfigurer> * @throws IllegalArgumentException if policyDirectives is {@code null} or empty * @since 5.5 * @see PermissionsPolicyHeaderWriter + * @deprecated For removal in 7.0. Use {@link #permissionsPolicyHeader(Customizer)} + * instead */ + @Deprecated(since = "6.4", forRemoval = true) public PermissionsPolicyConfig permissionsPolicy(Customizer permissionsPolicyCustomizer) { this.permissionsPolicy.writer = new PermissionsPolicyHeaderWriter(); permissionsPolicyCustomizer.customize(this.permissionsPolicy); return this.permissionsPolicy; } + /** + * Allows configuration for + * Permissions + * Policy. + *

+ * Calling this method automatically enables (includes) the {@code Permissions-Policy} + * header in the response using the supplied policy directive(s). + *

+ * Configuration is provided to the {@link PermissionsPolicyHeaderWriter} which is + * responsible for writing the header. + * @return the {@link PermissionsPolicyConfig} for additional configuration + * @throws IllegalArgumentException if policyDirectives is {@code null} or empty + * @since 6.4 + * @see PermissionsPolicyHeaderWriter + */ + public HeadersConfigurer permissionsPolicyHeader( + Customizer permissionsPolicyCustomizer) { + this.permissionsPolicy.writer = new PermissionsPolicyHeaderWriter(); + permissionsPolicyCustomizer.customize(this.permissionsPolicy); + return this; + } + /** * Allows configuration for