
Add Support Credentialless COEP Header

Closes gh-16991

Signed-off-by: Max Batischev <mblancer@mail.ru>
Max Batischev 3 tháng trước cách đây
mục cha
commit
f4b8e2421a

+ 1 - 1
config/src/main/resources/org/springframework/security/config/spring-security-7.0.rnc

@@ -1308,7 +1308,7 @@ cross-origin-embedder-policy =
 	element cross-origin-embedder-policy {cross-origin-embedder-policy-options.attlist,empty}
 cross-origin-embedder-policy-options.attlist &=
 	## The policies for the Cross-Origin-Embedder-Policy header.
-	attribute policy {"unsafe-none","require-corp"}?
+	attribute policy {"unsafe-none","require-corp", "credentialless"}?
 
 cross-origin-resource-policy =
 	## Adds support for Cross-Origin-Resource-Policy header
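Review bot: The new alternative in the `policy` attribute is written with a space after the comma (`"require-corp", "credentialless"`) while the existing pair has none; `attribute policy {"unsafe-none","require-corp","credentialless"}?` would keep the list uniform. The `##` comment above it only says "The policies for the Cross-Origin-Embedder-Policy header." and could name the three values with a word on each, because `credentialless` is not self-explanatory to someone editing XML configuration.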

+ 1 - 0
config/src/main/resources/org/springframework/security/config/spring-security-7.0.xsd

@@ -3668,6 +3668,7 @@
             <xs:restriction base="xs:token">
                <xs:enumeration value="unsafe-none"/>
                <xs:enumeration value="require-corp"/>
+               <xs:enumeration value="credentialless"/>
             </xs:restriction>
          </xs:simpleType>
       </xs:attribute>

+ 4 - 2
web/src/main/java/org/springframework/security/web/header/writers/CrossOriginEmbedderPolicyHeaderWriter.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -58,7 +58,9 @@ public final class CrossOriginEmbedderPolicyHeaderWriter implements HeaderWriter
 
 		UNSAFE_NONE("unsafe-none"),
 
-		REQUIRE_CORP("require-corp");
+		REQUIRE_CORP("require-corp"),
+
+		CREDENTIALLESS("credentialless");
 
 		private final String policy;
 
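Review bot: `CREDENTIALLESS` is added without a Javadoc comment, and the name alone does not tell a user how it differs from `REQUIRE_CORP`. Something like `/** Cross-origin no-cors subresource requests are sent without credentials; credentialed cross-origin responses still need CORP or CORS. */` on the constant would cover it. The comment should also say that a browser which does not recognise the token is expected to treat the header as `unsafe-none`, so an application that depends on cross-origin isolation should check `crossOriginIsolated` at runtime rather than assume the header took effect. The same applies to the identical constant added in `CrossOriginEmbedderPolicyServerHttpHeadersWriter`. The enum body continues outside the hunk, so whether any string-to-enum lookup and its tests cover the new value cannot be confirmed from this page.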

+ 4 - 2
web/src/main/java/org/springframework/security/web/server/header/CrossOriginEmbedderPolicyServerHttpHeadersWriter.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -61,7 +61,9 @@ public final class CrossOriginEmbedderPolicyServerHttpHeadersWriter implements S
 
 		UNSAFE_NONE("unsafe-none"),
 
-		REQUIRE_CORP("require-corp");
+		REQUIRE_CORP("require-corp"),
+
+		CREDENTIALLESS("credentialless");
 
 		private final String policy;