  1. Struts 2
  2. WW-5085

Add Cross-Origin Opener Policy and Cross-Origin Embedder Policy Support

    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.6
    • Fix Version/s: 2.6
    • Component/s: Core Interceptors
    • Labels:
      None

      Description

      We would like to add support in Struts for Cross-Origin Opener and Cross-Origin Embedder Policy.

      COOP is a security mitigation that lets developers isolate their resources against side-channel attacks and information leaks. COOP is now supported by all major browsers.

      A COOP interceptor will be implemented to add COOP headers to HTTP responses, allowing developers to configure COOP to use unsafe-none, same-site or same-origin. Finally, developers will be able to disable COOP entirely for a set of exempted paths that are intended to be used cross-site.

       

      COEP is a security mitigation which lets developers ensure that all resources loaded by a given document have explicitly opted into being embedded. COEP is now supported by all major browsers.

      A COEP interceptor will be implemented to add COEP headers to HTTP responses, configuring COEP to the only accepted value "require-corp". A built-in handler for COEP violation reports will be used to collect and provide textual explanations of these reports. This will be achieved by setting the "report-to" header to a default endpoint or one specified by the developer.

      Additionally, developers will be able to choose between two options: whether they want to both block resources and send a report to the endpoint, or only send a report without blocking the resources. Finally, developers will be able to disable COEP entirely.
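
      The header selection described above, as an added example that is not code from this issue or from the Struts project: it skips COOP on exempted paths and switches COEP between enforcing and report-only. The class, method and parameter names, the reporting group name, and the sample path and endpoint are all assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Added illustration: names here are hypothetical, not Struts interceptor APIs.
public class IsolationHeaders {

    static final String REPORT_GROUP = "coep"; // assumed reporting group name

    /** Returns the COOP/COEP headers to attach to the response for one request path. */
    static Map<String, String> headersFor(String path, List<String> coopExemptPaths, String coopMode,
                                          boolean coepDisabled, boolean coepEnforcing, String reportUrl) {
        Map<String, String> headers = new LinkedHashMap<>();

        // COOP: skipped for paths that are meant to be used cross-site.
        if (!coopExemptPaths.contains(path)) {
            headers.put("Cross-Origin-Opener-Policy", coopMode);
        }

        if (!coepDisabled) {
            // Report-To defines the named endpoint group that COEP's report-to parameter refers to.
            headers.put("Report-To", "{\"group\":\"" + REPORT_GROUP + "\",\"max_age\":86400,"
                    + "\"endpoints\":[{\"url\":\"" + reportUrl + "\"}]}");
            // Enforcing mode blocks and reports; the -Report-Only header only reports.
            String name = coepEnforcing ? "Cross-Origin-Embedder-Policy"
                                        : "Cross-Origin-Embedder-Policy-Report-Only";
            headers.put(name, "require-corp; report-to=\"" + REPORT_GROUP + "\"");
        }
        return headers;
    }

    public static void main(String[] args) {
        List<String> exempt = List.of("/oauth/callback");      // constructed sample path
        String endpoint = "https://app.example/coep-reports";  // constructed sample endpoint
        // Enforcing COEP on a normal page, then report-only COEP on a COOP-exempted path.
        System.out.println(headersFor("/account", exempt, "same-origin", false, true, endpoint));
        System.out.println(headersFor("/oauth/callback", exempt, "same-origin", false, false, endpoint));
    }
}
```

      Running in report-only mode first lets the endpoint collect violations from resources that have not opted into embedding before anything is blocked.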

              People

              • Assignee:
                Unassigned
                Reporter:
                gchatz Giannis Chatziveroglou
              • Votes:
                0
                Watchers:
                3

                  Time Tracking

                  Estimated:
                  72h
                  Remaining:
                  71h 10m
                  Logged:
                  50m