Expected Behavior
StrictHttpFirewall#setAllowedHeaderNames should either augment the existing predicate with Predicate#and or provide addAllowHeaderNames to allow augmenting the current predicate, so that I get to retain the default protection provided by StrictHttpFirewall.
Current Behavior
The current implementation rejects any request with non-ASCII characters. The current implementation of StrictHttpFirewall#setAllowedHeaderNames replaces the predicate, making me lose out on the default protection.
I am willing to provide a PR for this should this be accepted as a valid request.
Comment From: jzheaux
Thanks for the suggestion, @gourav. To leave setAllowedHeaderNames passive, I prefer your second suggestion to add addAllowHeaderNames.
Can you add the same for header values, parameter names, and parameter values?
Comment From: gourav
Sure. Let me come up with changes for review.
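The difference between replacing and augmenting the predicate, as an added JDK-only example that is not part of the thread and is not Spring Security code. HeaderNameFilter, BASELINE and the sample header names are constructed for illustration; BASELINE is a stand-in, not the firewall's actual default, and addAllowHeaderNames is the method proposed above, modelled here as hypothetical.

```java
import java.util.Locale;
import java.util.function.Predicate;

public class HeaderNamePredicateDemo {

    // Constructed stand-in for a built-in header-name check (assumption):
    // reject names containing ISO control characters.
    static final Predicate<String> BASELINE =
            name -> name.chars().noneMatch(Character::isISOControl);

    // Hypothetical model of the single predicate field behind the setter.
    static class HeaderNameFilter {
        private Predicate<String> allowed = BASELINE;

        // Behaviour reported in the issue: the argument replaces the predicate.
        void setAllowedHeaderNames(Predicate<String> p) {
            this.allowed = p;
        }

        // Behaviour proposed in the issue: the argument narrows the predicate.
        void addAllowHeaderNames(Predicate<String> p) {
            this.allowed = this.allowed.and(p);
        }

        boolean accepts(String name) {
            return this.allowed.test(name);
        }
    }

    public static void main(String[] args) {
        // Application rule (constructed): clients may not send internal headers.
        Predicate<String> appRule =
                name -> !name.toLowerCase(Locale.ROOT).startsWith("x-internal-");

        HeaderNameFilter replaced = new HeaderNameFilter();
        replaced.setAllowedHeaderNames(appRule);

        HeaderNameFilter composed = new HeaderNameFilter();
        composed.addAllowHeaderNames(appRule);

        // Constructed sample names: a NUL inside the name, a blocked prefix, a normal name.
        String[] samples = { "X-Trace\u0000Id", "X-Internal-User", "Accept" };
        for (String name : samples) {
            System.out.printf("%-18s replaced=%-5b composed=%b%n",
                    name.replace("\u0000", "\\0"),
                    replaced.accepts(name), composed.accepts(name));
        }
    }
}
```

With the replacing setter, the name containing the control character is judged by the application rule alone. With the composed form, both checks must pass.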