You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@wicket.apache.org by "Martin Tzvetanov Grigorov (Jira)" <ji...@apache.org> on 2024/03/08 09:16:00 UTC

[jira] [Resolved] (WICKET-7093) Add support for missing CSP directives

     [ https://issues.apache.org/jira/browse/WICKET-7093?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Martin Tzvetanov Grigorov resolved WICKET-7093.
-----------------------------------------------
    Fix Version/s: 10.0.0-M3
                   9.17.0
         Assignee: Martin Tzvetanov Grigorov
       Resolution: Fixed

"form-action" has been added.
More directives will be added if/when someone needs them!

> Add support for missing CSP directives
> --------------------------------------
>
>                 Key: WICKET-7093
>                 URL: https://issues.apache.org/jira/browse/WICKET-7093
>             Project: Wicket
>          Issue Type: Improvement
>          Components: wicket
>    Affects Versions: 9.16.0
>            Reporter: Martin Tzvetanov Grigorov
>            Assignee: Martin Tzvetanov Grigorov
>            Priority: Minor
>             Fix For: 10.0.0-M3, 9.17.0
>
>
> A user at StackOverflow reported that the CSP directive `form-action` is not supported: https://stackoverflow.com/questions/77768942/missing-form-action-csp-directive-in-cspdirective
> Looking at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/form-action and https://github.com/apache/wicket/blob/c4a77c4ee7b7ec1dd5d071ed6e1e41a9946d6758/wicket-core/src/main/java/org/apache/wicket/csp/CSPDirective.java#L36-L48 I think there are few more that are listed in the CSPDirective enum.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)