This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/struts-site.git
The following commit(s) were added to refs/heads/master by this push: new cba3fd2cb Fixes version note cba3fd2cb is described below commit cba3fd2cb66a92afd152266946685e436eb3a0d4 Author: Lukasz Lenart <lukaszlen...@apache.org> AuthorDate: Fri Jul 14 08:05:14 2023 +0200 Fixes version note --- source/security/index.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/source/security/index.md b/source/security/index.md index 195f65de7..af323a1ff 100644 --- a/source/security/index.md +++ b/source/security/index.md @@ -284,6 +284,8 @@ more in the Strict Method Invocation section of [Action Configuration](../core-d ### Resource Isolation Using Fetch Metadata +> Note: since Struts 6.0.0 + Fetch Metadata is a mitigation against common cross origin attacks such as Cross-Site Request Forgery (CSRF). It is a web platform security feature designed to help servers defend themselves against cross-origin attacks based on the preferred resource isolation policy. The browser provides information about the context of an HTTP request @@ -300,7 +302,7 @@ This mechanism is implemented in Struts using the [FetchMetadata Interceptor](.. ### Cross Origin Isolation with COOP and COEP -> Note: since Struts 2.6. +> Note: since Struts 6.0.0 [Cross-Origin Opener Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Opener-Policy) is a security mitigation that lets developers isolate their resources against side-channel attacks and information leaks.
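Review bot: In the first hunk (-284,6 +284,8), the line `> Note: since Struts 6.0.0` under "Resource Isolation Using Fetch Metadata" is a newly added note, not a correction of an existing one, so the subject "Fixes version note" describes only half of the commit. Say in the commit message that the Fetch Metadata section gains a version note as well, so someone reading the history can find when that minimum-version statement was introduced.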
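Review bot: In the second hunk (-300,7 +302,7), `> Note: since Struts 2.6.` becomes `> Note: since Struts 6.0.0` with no reason given, and only this one occurrence is touched. Add a sentence to the commit message saying why 2.6 was the wrong version to cite, and search the rest of source/ for notes that still say 2.6, so the security documentation does not give readers two different minimum versions for the same protections.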