Fix HeadersConfigurer#permissionsPolicy method with customizer #14839
base: 5.8.x
@marcusdacoregio finally I recreated a new branch as I got some conflicts when rebasing to the 5.8.x branch.
@florianberthe thank you for the PR. Since there is a simple workaround and also no way to make this binary compatible, let's please make this change on `main` instead of `5.8.x`. I've left more details in my inline comment.
UPDATE - I see that @marcusdacoregio advised something different on an earlier PR. Please wait on my suggestions until we are both aligned.
* @since 5.5 | ||
* @see PermissionsPolicyHeaderWriter | ||
*/ | ||
public PermissionsPolicyConfig permissionsPolicy(Customizer<PermissionsPolicyConfig> permissionsPolicyCustomizer) { | ||
public HeadersConfigurer<H> permissionsPolicy(Customizer<PermissionsPolicyConfig> permissionsPolicyCustomizer) { |
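Review bot: changing the return type on the `permissionsPolicy(Customizer<PermissionsPolicyConfig>)` signature line from `PermissionsPolicyConfig` to `HeadersConfigurer<H>` is a binary-incompatible change to a public method that the Javadoc marks `@since 5.5`. Callers compiled against the old signature will fail to link, and any source that chains `PermissionsPolicyConfig` calls on the result will stop compiling. Consider adding the corrected method alongside a deprecated original, or targeting a release line where the break is acceptable. Only `@since` and `@see` are visible in the Javadoc here, so also make sure the new return value is documented.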
While certainly a bug, we cannot change the return type of a public method and remain binary compatible. And given that this has been in place for a few years now and that there is a simple workaround, I hesitate to make a change this aggressive.
Let's instead introduce a new method and deprecate this one. Perhaps `permissionsPolicyHeader` would be an appropriate name. We can remove `permissionsPolicy` in Spring Security 7.
I understand your point of view, but the `permissionsPolicyHeader` name doesn't seem to be coherent with the other "DSL" methods remaining in Spring Security 7. Would you keep this incoherence in Spring Security 7? Unless you will rename the other DSL methods with the same convention.
I will wait for your thoughts 😄
Hi @jzheaux have you seen my comments above?
Closes gh-14803