#2975-Suggestion-Add-Permissions-Policy-as-configurable-option-to-Sec… by joerg-richter-5234 · Pull Request #3353 · spring-cloud/spring-cloud-gateway · GitHub
@joerg-richter-5234
Contributor

Added Permissions-Policy header as opt-in feature in SecureHeaders-GatewayFilter

Permissions Policy is a security header that allows web developers to manage which browser features a website can utilize.
It is an opt-in header and has to be enabled. When enabled, it applies a default that disables a comprehensive list of features.
It is recommended to configure this header to the respective environment and use case.

The documentation was updated to include information about Permissions-Policy and further resources.
The test suite was updated to include Permissions-Policy.

Fixes gh-2975
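
As an added example (not part of this pull request or of the Spring Cloud Gateway code base): once the header is enabled, a check like the one below can audit the emitted Permissions-Policy value against the features a deployment wants disabled. The feature set, the function names and the sample value are assumptions constructed for illustration.

```python
import re

# Assumption: features this deployment wants disabled everywhere; adjust per use case.
REQUIRED_DISABLED = {"camera", "microphone", "geolocation", "payment", "usb"}
# Constructed sample header value, not taken from the gateway's defaults.
SAMPLE = 'camera=(), microphone=(), geolocation=(self "https://maps.example"), payment=*'

def split_top_level(value):
    """Split the header's dictionary on commas outside quotes and parentheses."""
    parts, buf, depth, quoted = [], [], 0, False
    for ch in value:
        if ch == '"':
            quoted = not quoted
        elif not quoted and ch == "(":
            depth += 1
        elif not quoted and ch == ")":
            depth -= 1
        if ch == "," and depth == 0 and not quoted:
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf).strip())
    return [p for p in parts if p]

def parse_policy(value):
    """Return {feature: allowlist}; an empty list means disabled for all origins."""
    policy = {}
    for member in split_top_level(value):
        feature, _, raw = member.partition("=")
        raw = raw.strip()
        if raw.startswith("(") and raw.endswith(")"):
            raw = raw[1:-1]
        # Tokens are bare keywords (self, src, *) or double-quoted origins.
        policy[feature.strip().lower()] = re.findall(r'"[^"]*"|[^\s"]+', raw)
    return policy

def audit(value, required_disabled=REQUIRED_DISABLED):
    """Report required features that are missing, wildcarded or still allowed."""
    policy = parse_policy(value or "")
    findings = {}
    for feature in sorted(required_disabled):
        if feature not in policy:
            findings[feature] = "missing (browser default applies)"
        elif "*" in policy[feature]:
            findings[feature] = "allowed for all origins"
        elif policy[feature]:
            findings[feature] = "allowed for " + " ".join(policy[feature])
    return findings
```

An empty result from `audit` means every required feature is present with an empty allowlist.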

Contributor

@ryanjbaxter ryanjbaxter left a comment

Would there be any value in allowing permissions policies to be configured on a per-route basis?

Can you resolve the merge conflicts?

@joerg-richter-5234
Contributor Author

Sure, let me tackle the conflicts. About route-based configuration: I'll look into it.

@ryanjbaxter
Contributor

Thanks!

@joerg-richter-5234 joerg-richter-5234 force-pushed the #2975-Suggestion-Add-Permissions-Policy-as-configurable-option-to-SecureHeaders-GatewayFilter branch from 45ccbb1 to 2fad422 Compare March 17, 2025 18:16
@joerg-richter-5234
Contributor Author

I addressed the merge conflicts. I need some time to get back into the project regarding route based configuration.

@ryanjbaxter
Contributor

Thanks. Also make sure you sign your commit so the DCO check passes.

@joerg-richter-5234 joerg-richter-5234 force-pushed the #2975-Suggestion-Add-Permissions-Policy-as-configurable-option-to-SecureHeaders-GatewayFilter branch 2 times, most recently from cc7a36f to c2698d6 Compare March 23, 2025 07:55
@joerg-richter-5234 joerg-richter-5234 force-pushed the #2975-Suggestion-Add-Permissions-Policy-as-configurable-option-to-SecureHeaders-GatewayFilter branch from c2698d6 to c4b7405 Compare March 31, 2025 20:30
@joerg-richter-5234
Contributor Author

joerg-richter-5234 commented Mar 31, 2025

I introduced the option to configure default security headers and permissions-policy on a per route basis. I would like to do a bit more testing / cleanup, but it behaved fair so far.

@ryanjbaxter
Contributor

Sounds good, let me know when you think it is ready to review

@ryanjbaxter
Contributor

There are some checkstyle errors and also there are a lot of public method signature changes. We cannot change public method and class signatures in a minor release.

@joerg-richter-5234 joerg-richter-5234 force-pushed the #2975-Suggestion-Add-Permissions-Policy-as-configurable-option-to-SecureHeaders-GatewayFilter branch from 9eef8e7 to 81994f3 Compare April 7, 2025 20:10
…ption-to-SecureHeaders-GatewayFilter

- added Permissions-Policy header as an opt-in header & default value
- updated documentation with Permissions-Policy and resources
- updated tests to include Permissions-Policy
- SecurityHeaders and Permissions-Policy may be configured globally / per route
- updated structure of public methods and class members to match previous version structure

Fixes spring-cloudgh-2975

Signed-off-by: Jörg Richter <96986086+joerg-richter-5234@users.noreply.github.com>
@joerg-richter-5234 joerg-richter-5234 force-pushed the #2975-Suggestion-Add-Permissions-Policy-as-configurable-option-to-SecureHeaders-GatewayFilter branch from 81994f3 to 85ab7d9 Compare April 7, 2025 20:19
@joerg-richter-5234
Contributor Author

I tidied up the checkstyle hints and checked that the structure remains compatible. This means, e.g., that I re-introduced public constants in SecureHeadersGatewayFilterFactory that I previously moved. Apart from that, I appreciate any specifics you can provide.

…d-Permissions-Policy-as-configurable-option-to-SecureHeaders-GatewayFilter
@ryanjbaxter ryanjbaxter merged commit a2b86a2 into spring-cloud:main Apr 8, 2025
2 checks passed
Development

Successfully merging this pull request may close these issues.

Add Permissions-Policy as configurable option to SecureHeaders GatewayFilter