[ https://issues.apache.org/jira/browse/WW-5083?focusedWorklogId=463375&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-463375 ]

ASF GitHub Bot logged work on WW-5083:
--------------------------------------

                Author: ASF GitHub Bot
            Created on: 26/Jul/20 17:18
            Start Date: 26/Jul/20 17:18
    Worklog Time Spent: 10m 
      Work Description: JCgH4164838Gh792C124B5 opened a new pull request #428:
URL: https://github.com/apache/struts/pull/428


   WW-5083 PR#426 follow-up.
   - Updated ResourceIsolationPolicy Sec-Fetch* header cases to match spec.
   - Added the Sec-Fetch-User header, plus additional dest/site/mode values  
from the spec.
   - Renamed ResourceIsolationPolicy interface constants to follow the naming 
convention that was already present.
   - Made StrutsResourceIsolationPolicy checks case-insensitive (even if 
specification says things should be case-sensitive) to better handle client 
bugs that will likely occur in the future.
   - Updated FetchMetaDataInterceptor to use more standard LOG reference name, 
parameterization and call forms seen in other Struts 2 Interceptors.
   - Including the Sec-Fetch-User in the Vary response header.
   - Make setExemptedPaths an injectable method (but not required).
   - Updated unit test to use more of the constants, added test confirming the 
Vary header replacement.
   - A few whitespace changes and JavaDoc additions, including reference to the 
W3C specification site.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]


Issue Time Tracking
-------------------

    Worklog Id:     (was: 463375)
    Time Spent: 3h 10m  (was: 3h)

> Fetch Metadata support
> ----------------------
>
>                 Key: WW-5083
>                 URL: https://issues.apache.org/jira/browse/WW-5083
>             Project: Struts 2
>          Issue Type: New Feature
>          Components: Core Interceptors
>            Reporter: Santiago Diaz
>            Priority: Major
>             Fix For: 2.6
>
>          Time Spent: 3h 10m
>  Remaining Estimate: 0h
>
> We'd like to add built-in Fetch Metadata support to Struts2 to provide a 
> simple security mechanism that developers can use to protect against 
> Cross-Site Request Forgery vulnerabilities



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
