Fix HeadersConfigurer#permissionsPolicy method with customizer #14839
Conversation
|
@marcusdacoregio finally I recreate a new branch as I got some conflicts when rebasing to 5.8.x branch. |
spring-projects-issues
added
the
status: waiting-for-triage
There was a problem hiding this comment.
@florianberthe thank you for the PR. Since there is a simple workaround and also no way to make this binary compatible, let's please make this change on main instead of 5.8.x. I've left more details in my inline comment.
UPDATE - I see that @marcusdacoregio advised something different on an earlier PR. Please wait on my suggestions until we are both aligned.
| * @since 5.5 | ||
| * @see PermissionsPolicyHeaderWriter | ||
| */ | ||
| public PermissionsPolicyConfig permissionsPolicy(Customizer<PermissionsPolicyConfig> permissionsPolicyCustomizer) { | ||
| public HeadersConfigurer<H> permissionsPolicy(Customizer<PermissionsPolicyConfig> permissionsPolicyCustomizer) { |
There was a problem hiding this comment.
While certainly a bug, we cannot change the return type of a public method and remain binary compatible. And given that this has been in place for a few years now and that there is a simple workaround, I hesitate to make a change this aggressive.
Let's instead introduce a new method and deprecate this one. Perhaps permissionsPolicyHeader would be an appropriate name. We can remove permissionsPolicy in Spring Security 7.
There was a problem hiding this comment.
I understand your point of view but permissionsPolicyHeader name doesn't seem to be coherent with other "DSL" methods remaining in Spring Security 7. Would you keep this incoherence in Spring Security 7 ? Unless you will rename other DSL methods with same convention.
There was a problem hiding this comment.
I will wait your thoughts 😄
There was a problem hiding this comment.
Hi @jzheaux have you seen my comments above?
jzheaux
added
in: config
Closes gh-14803