Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add X-Frame-Options header #6999

Open
wants to merge 5 commits into
base: series/0.23
Choose a base branch
from
Open

Add X-Frame-Options header #6999

wants to merge 5 commits into from

Conversation

sierikov
Copy link
Contributor

Adds X-Frame-Options header. Part of #5010.
I don't know if we need to support a deprecated ALLOW-FROM=url directive.

@mergify mergify bot added series/0.23 PRs targeting 0.23.x module:core labels Feb 24, 2023
@armanbilge @danicheg
Not a case class
e6c68d6 
Co-authored-by: Daniel Esik <e.danicheg@yandex.ru>
armanbilge
armanbilge requested changes Nov 9, 2023
View reviewed changes
Copy link
Member

@armanbilge armanbilge left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't know if we need to support a deprecated ALLOW-FROM=url directive.

I think we might want to 😕 it's still a valid albeit deprecated value that can be encountered in the wild. And because we are modeling this as a sealed hierarchy we cannot add more cases compatibly in the future, so we need to do it now.

Sorry for the slow review cycle.

@armanbilge
Copy link
Member

it's still a valid albeit deprecated value that can be encountered in the wild.

I take that back, now that I actually turned on my brain. This is a header is really only relevant for browsers: we might send it in a server response, but it's unlikely we'll ever parse it.

LGTM. Thank you!

armanbilge
armanbilge requested changes Nov 9, 2023
View reviewed changes
tests/shared/src/test/scala/org/http4s/headers/XFrameOptionsSuite.scala

import org.http4s.implicits.http4sSelectSyntaxOne

class XFrameOptionsSuite extends Http4sSuite {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh actually, we should test laws like we do for other headers e.g.

http4s/tests/shared/src/test/scala/org/http4s/headers/AcceptHeaderSuite.scala

Line 23 in 4c77703

checkAll("Accept", headerLaws[Accept])

I think this was missing in your other PR #6981 as well.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@satorg satorg satorg left review comments

@danicheg danicheg danicheg left review comments

@armanbilge armanbilge armanbilge requested changes

@ChristopherDavenport ChristopherDavenport ChristopherDavenport approved these changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
module:core series/0.23 PRs targeting 0.23.x
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@sierikov @armanbilge @satorg @ChristopherDavenport @danicheg