Serve static resources (JS, CSS) from dedicated filter #15723
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
spring-projects-issues
added
the
status: waiting-for-triage
Kehrlann
force-pushed
the
resource-filter
branch
17 times, most recently
from
f3b2f31 to
a3e1976
Compare
rwinch
requested changes
Sep 9, 2024
...src/main/java/org/springframework/security/web/authentication/ui/DefaultResourcesFilter.java
Show resolved
Hide resolved
...src/main/java/org/springframework/security/web/authentication/ui/DefaultResourcesFilter.java
Outdated
Show resolved
Hide resolved
...src/main/java/org/springframework/security/web/authentication/ui/DefaultResourcesFilter.java
Outdated
Show resolved
Hide resolved
web/src/main/java/org/springframework/security/web/server/ui/DefaultResourcesWebFilter.java
Outdated
Show resolved
Hide resolved
web/src/main/java/org/springframework/security/web/server/ui/DefaultResourcesWebFilter.java
Show resolved
Hide resolved
web/src/main/java/org/springframework/security/web/server/ui/DefaultResourcesWebFilter.java
Outdated
Show resolved
Hide resolved
Kehrlann
force-pushed
the
resource-filter
branch
2 times, most recently
from
23a735a to
59c0a75
Compare
…esourcesWebFilter
Kehrlann
force-pushed
the
resource-filter
branch
from
59c0a75 to
b521536
Compare
rwinch
approved these changes
Sep 10, 2024
rwinch
added
in: web
This was referenced Sep 11, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
reviewer: @rwinch
When rendering default UIs, we currently have CSS inline on the page. We would like to separate it in its own HTTP resource, ideally served by a dedicated filter. This filter will also be used for our passkey/webauthn implementation, which needs to serve javascript content.
The current implementations assume the CSS will be located in the classpath, at
org/springframwork/security/spring-security.css. If the resource is not present in the classpath, the filter throw an exception on startup.The current design may introduce the same filter multiple times in the filter chain. Since this default UI is not intended for high-traffic, production-grade usage, we accept the tradeoff of having an extra filter in the chain for simplicity.