New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add X-Frame-Options header #6999
base: series/0.23
Are you sure you want to change the base?
Conversation
9b8a5f8
to
ca92204
Compare
core/shared/src/main/scala/org/http4s/headers/X-Frame-Options.scala
Outdated
Show resolved
Hide resolved
Co-authored-by: Daniel Esik <e.danicheg@yandex.ru>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't know if we need to support a deprecated
ALLOW-FROM=url
directive.
I think we might want to 😕 it's still a valid albeit deprecated value that can be encountered in the wild. And because we are modeling this as a sealed
hierarchy we cannot add more cases compatibly in the future, so we need to do it now.
Sorry for the slow review cycle.
I take that back, now that I actually turned on my brain. This is a header is really only relevant for browsers: we might send it in a server response, but it's unlikely we'll ever parse it. LGTM. Thank you! |
core/shared/src/main/scala/org/http4s/headers/X-Frame-Options.scala
Outdated
Show resolved
Hide resolved
|
||
import org.http4s.implicits.http4sSelectSyntaxOne | ||
|
||
class XFrameOptionsSuite extends Http4sSuite { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh actually, we should test laws like we do for other headers e.g.
checkAll("Accept", headerLaws[Accept]) |
I think this was missing in your other PR #6981 as well.
Adds
X-Frame-Options
header. Part of #5010.I don't know if we need to support a deprecated
ALLOW-FROM=url
directive.