Florent Morselli

Thanks for the report. The current behavior is indeed intentional for security reasons (see https://www.w3.org/TR/webauthn-2/#sctn-credential-id-privacy-leak), but I agree that making this configurable could be useful for some use cases. I’m...

Many thanks. Rebased on 5.2.x (see #790). Will be tagged `5.2.3`

Hi, What you are observing is actually the expected behaviour. The denormalisers assume that the incoming payload has the required structure, and they intentionally throw an exception when mandatory fields...

OK noted. I'll rebase and add sections in the documentation. Regards. Yes the default values are the one taken from the header specification pages: * https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Embedder-Policy#unsafe-none * https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Opener-Policy#unsafe-none Howver I...

Hi @Seldaek. I've made the following changes: * Documentation added * Tests added * Path-based configuration ```yaml nelmio_security: cross_origin_isolation: enabled: true paths: # Strict isolation for admin area '^/admin': coep:...

Ok a few changes and all tests pass. It is now possible to configure the headers with the report only or report features. ```yaml # Basic: coep: require-corp coop: same-origin...

> This is true ... but reading https://www.php.net/manual/en/opcache.configuration.php#ini.opcache.max-accelerated-files seems that not all primes are valid. It must be one of this specific set: > > `{ 223, 463, 983, 1979,...

Note: Nothing was removed. The workflow is just reorganized to eliminate duplication and consolidate testing (also should run faster).

Hi, Indeed this is not compliant with the specification.

Hi, Many thanks for these PRs and reports. I will review them and get back to you.