Reflect well-known HttpHeaders intent in Javadoc

[ThomasKasene]

In preparation for spring-projects/spring-security#14915, I'm wondering if there's any chance that DPoP and DPoP-Nonce could be added to org.springframework.http.HttpHeaders, as static constants? They are headers defined by RFC 9449 - OAuth 2.0 Demonstrating Proof of Possession (DPoP) - Section 12.8.

On the other hand, it doesn't look as though new constants are added to this class very often, so maybe that's just something we don't do anymore? 😄

[bclozel]

Thanks for the proposal, but I think that the situation is quite close to #33754 for the MediaType class. I think Spring Security supports quite a few headers already like X-Content-Type-Options which are not listed in HttpHeaders. I think we should remain consistent and not add DPoP as a result.

[ThomasKasene]

Thanks for the reply. I suspected it would be something like this, and it makes sense 😃 Although, maybe a similar treatment as the one you outlined in this comment would be nice for HttpHeaders's Javadoc too, for clarity's sake?

[bclozel]

Sure, I'm repurposing this issue for this. Thanks!