Expected Behavior

Non-Reactive Spring Security has a DelegatingRequestMatcherHeaderWriter

Current Behavior

There is no implementation of ServerHttpHeadersWriter which allows the user to write certain headers for only certain paths.

Context

I am trying to not have one endpoint set X-Frame-Options, which you can do in non-reactive Spring Security using a DelegatingRequestMatcherHeaderWriter.

Comment From: marcusdacoregio

Hi @Dav1dde.

Are you interested in submitting a PR that adds the new implementation?

Comment From: Dav1dde

Yeah for sure, I can look into it. I pretty much already have an implementation in my project which just needs some cleaning up. I assume the reactive implementation would use a ServerWebExchangeMatcher? Does it make sense to have a 2nd version or an overloaded constructor that accepts a PathPattern directly?

Comment From: marcusdacoregio

You can pretty much follow the implementation of DelegatingRequestMatcherHeaderWriter. I think it makes more sense to use ServerWebExchangeMatcher and let folks decide which implementation they want.

Comment From: Dav1dde

@marcusdacoregio After many tries to configure the code style in IntelliJ correctly and failing I finally fixed the import order by hand and submitted the PR ;)

I tried to keep it as close as possible to the servlet version, implementation and test

Comment From: marcusdacoregio

What were the problems that you faced when working with the codebase?

Comment From: Dav1dde

I just couldnt get the auto formatting or syntax checking get to work. Another issue was that the gradlew from the cli always errored (with some weird errors in docstrings with non ascii characters), it worked from IntelliJ though.

I tried to get it to work by importing the eclipse settings, setting up checkstyle, neither worked. Also the gradle format just didnt format the imports properly.

Comment From: marcusdacoregio

Unfortunately, there's a limitation with the formatting tool that does not organize the imports properly. Thanks for your feedback, I'll try to make it easier for folks to set up their environment by following the CONTRIBUTING doc.

I have created https://github.com/spring-projects/spring-security/issues/11157 to track the improvement in the CONTRIBUTING doc.