Re: [TEST] Struts 6.0.2 test build is ready

2022-08-31 Thread Lukasz Lenart
After re-thinking my idea with a dedicated stack, I prepared a PR which allows disabling those interceptors: https://issues.apache.org/jira/browse/WW-5218
In other ways no one will adopt them, enforcing users to use them with the option to disable them should help raise more notions about CSP, wdy

[GitHub] [struts] lukaszlenart opened a new pull request, #593: [WW-5218] Allows to disable CSP related interceptors

2022-08-31 Thread GitBox
lukaszlenart opened a new pull request, #593:
URL: https://github.com/apache/struts/pull/593
Fixes [WW-5218](https://issues.apache.org/jira/browse/WW-5218)

Re: [TEST] Struts 6.0.2 test build is ready

2022-08-31 Thread Johannes Geppert
+1 for dedicated stack, but not sure if we should name it "default secure stack" as it implies that the other stacks are not secure. 😉
My 2ct on this
Best Regards
Johannes
i...@flyingfischer.ch wrote on Wed, 31 Aug 2022, 14:20:
> Creating a new default secure stack sounds good to me. Than

Re: [TEST] Struts 6.0.2 test build is ready

2022-08-31 Thread i...@flyingfischer.ch
Creating a new default secure stack sounds good to me. Thanks for considering.
As far as I can see there would be 4 additional interceptors in this secure stack:
CoepInterceptor.java
CoopInterceptor.java
CspInterceptor.java
FetchMetadataInterceptor.java
And the appropriate resources used by t

Re: [TEST] Struts 6.0.2 test build is ready

2022-08-31 Thread Lukasz Lenart
I think disabling them doesn't make sense - these are just interceptors so you can create your own stack without them. I would rather create a new default secure stack and move those interceptors into that stack, wdyt?
Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/ ---