Fork me on GitHub
Edit on GitHub << back to Interceptors

Fetch Metadata Interceptor


Interceptor that implements Cross-Origin Embedder Policy on incoming requests.

COEP prevents the document from loading any framed documents which don’t opt-in by setting the COEP header. (Cross-Origin-Embedder-Policy: require-corp). This provides protection for documents that don’t restrict framing. A document that doesn’t set COEP cannot be framed by another document with COEP. All descendents of a document with COEP will also enforce the same restrictions.

COEP is now supported by all major browsers.

More information about COEP.



<action  name="someAction" class="com.examples.SomeAction">
    <interceptor-ref name="defaultStack">
        <param name="coepInterceptor.exemptedPaths">/path1,/path2,/path3</param>
        <param name="coepInterceptor.enforcingMode">false</param>
        <param name="coepInterceptor.disabled">false</param>
    <result name="success">good_result.ftl</result>