Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reflect well-known HttpHeaders intent in Javadoc #33886

Closed
ThomasKasene opened this issue Nov 14, 2024 · 3 comments
Closed

Reflect well-known HttpHeaders intent in Javadoc #33886

ThomasKasene opened this issue Nov 14, 2024 · 3 comments
Assignees
@bclozel
Labels
in: web Issues in web modules (web, webmvc, webflux, websocket) type: documentation A documentation task
Milestone
6.2.1

Comments

@ThomasKasene
Copy link

In preparation for spring-projects/spring-security#14915, I'm wondering if there's any chance that DPoP and DPoP-Nonce could be added to org.springframework.http.HttpHeaders, as static constants? They are headers defined by RFC 9449 - OAuth 2.0 Demonstrating Proof of Possession (DPoP) - Section 12.8.

On the other hand, it doesn't look as though new constants are added to this class very often, so maybe that's just something we don't do anymore? 😄
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged or decided on label Nov 14, 2024
@bclozel
Copy link
Member

bclozel commented Nov 14, 2024

Thanks for the proposal, but I think that the situation is quite close to #33754 for the MediaType class. I think Spring Security supports quite a few headers already like X-Content-Type-Options which are not listed in HttpHeaders. I think we should remain consistent and not add DPoP as a result.

@bclozel bclozel closed this as not planned Won't fix, can't repro, duplicate, stale Nov 14, 2024
@bclozel bclozel added in: web Issues in web modules (web, webmvc, webflux, websocket) status: declined A suggestion or change that we don't feel we should currently apply and removed status: waiting-for-triage An issue we've not yet triaged or decided on labels Nov 14, 2024
@ThomasKasene
Copy link
Author

Thanks for the reply. I suspected it would be something like this, and it makes sense 😃 Although, maybe a similar treatment as the one you outlined in this comment would be nice for HttpHeaders's Javadoc too, for clarity's sake?

@bclozel bclozel changed the title Adding new DPoP-related constants to HttpHeaders? Reflect well-known HttpHeaders intent in Javadoc Nov 14, 2024
@bclozel bclozel added type: documentation A documentation task and removed status: declined A suggestion or change that we don't feel we should currently apply labels Nov 14, 2024
@bclozel bclozel added this to the 6.2.1 milestone Nov 14, 2024
@bclozel
Copy link
Member

bclozel commented Nov 14, 2024

Sure, I'm repurposing this issue for this. Thanks!

@bclozel bclozel reopened this Nov 14, 2024
@bclozel bclozel modified the milestones: 6.2.1, 6.2.x Nov 14, 2024
@bclozel bclozel self-assigned this Nov 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bclozel bclozel

Labels
in: web Issues in web modules (web, webmvc, webflux, websocket) type: documentation A documentation task
Projects
None yet
Milestone
6.2.1
Development

No branches or pull requests
3 participants
@bclozel @ThomasKasene @spring-projects-issues