Class CrossOriginResourcePolicyConfig

java.lang.Object
io.camunda.security.configuration.headers.CrossOriginResourcePolicyConfig

public class CrossOriginResourcePolicyConfig extends Object
Configures the Cross-Origin-Resource-Policy (CORP) header for resource isolation.

CORP lets websites declare that certain resources should not be loaded by other origins. This protects against:
- Spectre-like side-channel attacks
- Cross-site script inclusion attacks
- Unauthorized resource embedding

The header works by instructing browsers to block no-cors cross-origin requests to the resource. It complements CORB (Cross-Origin Read Blocking), which browsers implement by default.

Default: SAME_SITE - Only requests from the same site can read the resource.
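
How a browser applies the header to a no-cors request, as an added JavaScript sketch (not Camunda code): it models the Fetch specification's check under the default embedder policy and approximates "site" as the last two host labels instead of consulting the Public Suffix List. The function names and sample origins are constructed for illustration, and mapping SAME_SITE to the `same-site` header value is an assumption.

```javascript
// Simplified model of the browser-side CORP check (added illustration).
// Assumption: "site" = last two host labels; real browsers use the Public Suffix List.
function site(host) {
  return host.split('.').slice(-2).join('.');
}

// initiator:   origin of the page issuing the request
// resourceUrl: URL of the resource being fetched
// mode:        Fetch request mode ("no-cors", "cors", ...)
// corp:        Cross-Origin-Resource-Policy response header value, or null if absent
function corpCheck(initiator, resourceUrl, mode, corp) {
  // CORP only governs no-cors requests; CORS requests are decided by CORS itself.
  if (mode !== 'no-cors') return 'allowed';

  const from = new URL(initiator);
  const to = new URL(resourceUrl);

  switch (corp) {
    case 'same-origin':
      return from.origin === to.origin ? 'allowed' : 'blocked';
    case 'same-site': {
      const sameSite = site(from.hostname) === site(to.hostname);
      // An insecure (http) initiator may not read a secure same-site resource.
      const schemeOk = from.protocol === 'https:' || to.protocol !== 'https:';
      return sameSite && schemeOk ? 'allowed' : 'blocked';
    }
    default:
      // 'cross-origin', a missing header, or an unrecognised value: no restriction.
      return 'allowed';
  }
}

// Constructed sample requests for one resource served with each policy value.
const resource = 'https://cdn.example.com/logo.png';
const cases = [
  ['https://app.example.com', 'no-cors', 'same-site'],   // sibling subdomain
  ['https://other.test',      'no-cors', 'same-site'],   // unrelated site
  ['http://app.example.com',  'no-cors', 'same-site'],   // same site, downgraded scheme
  ['https://app.example.com', 'no-cors', 'same-origin'], // same site, different origin
  ['https://other.test',      'cors',    'same-site'],   // CORS request: CORP not applied
  ['https://other.test',      'no-cors', null],          // header absent
];
for (const [initiator, mode, corp] of cases) {
  console.log(initiator, mode, corp, '->', corpCheck(initiator, resource, mode, corp));
}
```

The `same-site` rows show why that setting still lets sibling subdomains embed the resource while `same-origin` does not.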
