eozmen410 commented on pull request #442: URL: https://github.com/apache/wicket/pull/442#issuecomment-673966055
Hi @martin-g , @svenmeier ! > How about this idea: add the CoopConfiguration and CoepConfiguration as fields in SecuritySettings. add third mode DISABLED to the existing ones (ENFORCING and REPORTING) in Application#initApplication() add some logic to auto-add the Coop/Coep listener(s) when they are enabled This way the developer will have to configure the security settings and don't bother how they are applied. We made the changes suggested by @martin-g in the comment above. Now the config objects live in `SecuritySettings` and users can use the setter methods to configure COOP and COEP. I've also renamed the configs to have longer names to avoid any confusion between the acronyms! If the configs are not `DISABLED` the listeners are added automatically in `Application#initApplication()`. Users can use the following lines in the `init()` method to enable COOP or COEP. ``` getSecuritySettings().setCrossOriginOpenerPolicyConfiguration(CoopMode.SAME_ORIGIN, "exemptions"); getSecuritySettings().setCrossOriginEmbedderPolicyConfiguration(CoepMode.ENFORCING, "exemptions"); ``` ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org