[struts-site] branch master updated: Fixes typo
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/master by this push: new fad07a3e2 Fixes typo fad07a3e2 is described below commit fad07a3e28493d7109553cb67fd0a7badafd256a Author: Lukasz Lenart AuthorDate: Thu Nov 17 14:32:49 2022 +0100 Fixes typo --- source/core-developers/plain-result.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source/core-developers/plain-result.md b/source/core-developers/plain-result.md index f4a641209..31d85c422 100644 --- a/source/core-developers/plain-result.md +++ b/source/core-developers/plain-result.md @@ -12,10 +12,10 @@ parent: You create this result programmatically in an action and return it as a result of the action. No result definition is needed in `struts.xml`. See the examples below how to use it. Please notice that the method result type is `PlainResult` -instead of `String`. Please explore the API for more methods - if any is missing you can either extends the interface +instead of `String`. Please explore the API for more methods - if any is missing you can either extend the interface or report it in [JIRA](https://issues.apache.org/jira/projects/WW/). -> NOTE: This result is available since Struts 2.6 and it requires Java 8 +> NOTE: This result is available since Struts 6.0.0 ## Parameters
[struts-site] branch master updated: Fixes title
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/master by this push: new d0f96a94c Fixes title d0f96a94c is described below commit d0f96a94cb7fe92681596fb11fca3a82bba8c218 Author: Lukasz Lenart AuthorDate: Thu Nov 17 14:41:25 2022 +0100 Fixes title --- source/core-developers/coop-interceptor.md | 28 +++- 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/source/core-developers/coop-interceptor.md b/source/core-developers/coop-interceptor.md index 29b24d8bc..24a4af44b 100644 --- a/source/core-developers/coop-interceptor.md +++ b/source/core-developers/coop-interceptor.md @@ -6,28 +6,38 @@ parent: url: interceptors.html --- -# Fetch Metadata Interceptor +# Cross-Origin Opener Policy Interceptor ## Description Interceptor that implements Cross-Origin Opener Policy on incoming requests. -COOP is a security mitigation that lets developers isolate their resources against side-channel attacks and information leaks. The COOP response header allows a document to request a new browsing context group to better isolate itself from other untrustworthy origins. Separating browsing contexts is necessary because at least two types of attacks are possible when a document shares a browsing context group and possibly an operating system process with cross-origin documents: +COOP is a security mitigation that lets developers isolate their resources against side-channel attacks and information +leaks. The COOP response header allows a document to request a new browsing context group to better isolate itself +from other untrustworthy origins. Separating browsing contexts is necessary because at least two types of attacks +are possible when a document shares a browsing context group and possibly an operating system process with cross-origin documents: -- Cross-window attacks. A malicious document can open a victim document in a new window and later navigate the window to a look-alike document to trick the user, or attempt to exploit postMessage vulnerabilities in the victim document. -- Process-wide attacks. Side channel and transient execution attacks like Spectre may provide an opportunity to the malicious document to get access to sensitive data from the victim document, if they share an OS process. +- Cross-window attacks. A malicious document can open a victim document in a new window and later navigate the window + to a look-alike document to trick the user, or attempt to exploit postMessage vulnerabilities in the victim document. +- Process-wide attacks. Side channel and transient execution attacks like Spectre may provide an opportunity + to the malicious document to get access to sensitive data from the victim document, if they share an OS process. -The COOP header can have one of 3 values: `same-origin`, `same-origin-allow-popups`, `unsafe-none`. If the COOP values are the same, and the origins of the documents match the relationship declared in the COOP header value, documents can interact with each other. Otherwise if at least one of the documents sets COOP, the browser will create a new browsing context group severing the link between the documents. Sites can use `same-origin-allow-popups` to allow popups they open to be in the [...] +The COOP header can have one of 3 values: `same-origin`, `same-origin-allow-popups`, `unsafe-none`. If the COOP values +are the same, and the origins of the documents match the relationship declared in the COOP header value, documents can +interact with each other. Otherwise, if at least one of the documents sets COOP, the browser will create a new browsing +context group severing the link between the documents. Sites can use `same-origin-allow-popups` to allow popups they open +to be in their browsing context group (unless the popup's own COOP prevents this). COOP is now supported by all major browsers. - [More information about COOP](https://web.dev/why-coop-coep/#coop). ## Parameters -- `exemptedPaths` - Set of opt out endpoints that are meant to serve cross-site traffic. Paths should contain leading slashes and must be relative. This field is empty by default. -- `mode` - The policy mode COOP should follow. Available modes are `same-origin`, `same-origin-allow-popups`, `unsafe-none`. Default mode is `same-origin`. +- `exemptedPaths` - Set of opt out endpoints that are meant to serve cross-site traffic. Paths should contain leading + slashes and must be relative. This field is empty by default. +- `mode` - The policy mode COOP should follow. Available modes are `same-origin`, `same-origin-allow-popups`, + `unsafe-none`. Default mode is `same-origin`. ## Examples @@ -39,4 +49,4 @@ COOP is now supported by all major browsers. good_result.ftl -``` \ No newli
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new b8a6eb8f4 Automatic Site Publish by Buildbot b8a6eb8f4 is described below commit b8a6eb8f40f1d8afe0913f2b9273a21acc4407b0 Author: buildbot AuthorDate: Thu Nov 17 13:41:58 2022 + Automatic Site Publish by Buildbot --- output/core-developers/coop-interceptor.html | 25 ++--- 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/output/core-developers/coop-interceptor.html b/output/core-developers/coop-interceptor.html index 0914badb5..146dff091 100644 --- a/output/core-developers/coop-interceptor.html +++ b/output/core-developers/coop-interceptor.html @@ -131,20 +131,29 @@ << back to Interceptors -Fetch Metadata Interceptor +Cross-Origin Opener Policy Interceptor Description Interceptor that implements Cross-Origin Opener Policy on incoming requests. -COOP is a security mitigation that lets developers isolate their resources against side-channel attacks and information leaks. The COOP response header allows a document to request a new browsing context group to better isolate itself from other untrustworthy origins. Separating browsing contexts is necessary because at least two types of attacks are possible when a document shares a browsing context group and possibly an operating system process with cross-origin documents: +COOP is a security mitigation that lets developers isolate their resources against side-channel attacks and information +leaks. The COOP response header allows a document to request a new browsing context group to better isolate itself +from other untrustworthy origins. Separating browsing contexts is necessary because at least two types of attacks +are possible when a document shares a browsing context group and possibly an operating system process with cross-origin documents: - Cross-window attacks. A malicious document can open a victim document in a new window and later navigate the window to a look-alike document to trick the user, or attempt to exploit postMessage vulnerabilities in the victim document. - Process-wide attacks. Side channel and transient execution attacks like Spectre may provide an opportunity to the malicious document to get access to sensitive data from the victim document, if they share an OS process. + Cross-window attacks. A malicious document can open a victim document in a new window and later navigate the window +to a look-alike document to trick the user, or attempt to exploit postMessage vulnerabilities in the victim document. + Process-wide attacks. Side channel and transient execution attacks like Spectre may provide an opportunity +to the malicious document to get access to sensitive data from the victim document, if they share an OS process. -The COOP header can have one of 3 values: same-origin, same-origin-allow-popups, unsafe-none. If the COOP values are the same, and the origins of the documents match the relationship declared in the COOP header value, documents can interact with each other. Otherwise if at least one of the documents sets COOP, th [...] +The COOP header can have one of 3 values: same-origin, same-origin-allow-popups, unsafe-none. If the COOP values +are the same, and the origins of the documents match the relationship declared in the COOP header value, documents can +interact with each other. Otherwise, if at least one of the documents sets COOP, the browser will create a new browsing +context group severing the link between the documents. Sites can use same-origin-allow-popups to allow popups they open +to be in their browsing context group (unless the popup’s own COOP prevents this). COOP is now supported by all major browsers. @@ -153,8 +162,10 @@ Parameters - exemptedPaths - Set of opt out endpoints that are meant to serve cross-site traffic. Paths should contain leading slashes and must be relative. This field is empty by default. - mode - The policy mode COOP should follow. Available modes are same-origin, same-origin-allow-popups, unsafe-none. Default mode is same-origin. + exemptedPaths - Set of opt out endpoints that are meant to serve cross-site traffic. Paths should contain leading +slashes and must be relative. This field is empty by default. + mode - The policy mode COOP should follow. Available modes are same-origin, same-origin-allow-popups, +unsafe-none. Default mode is same-origin. Examples
