You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by "Martin Tzvetanov Grigorov (Jira)" <ji...@apache.org> on 2024/03/08 09:16:00 UTC
[jira] [Resolved] (WICKET-7093) Add support for missing CSP directives
[ https://issues.apache.org/jira/browse/WICKET-7093?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Martin Tzvetanov Grigorov resolved WICKET-7093.
-----------------------------------------------
Fix Version/s: 10.0.0-M3
9.17.0
Assignee: Martin Tzvetanov Grigorov
Resolution: Fixed
"form-action" has been added.
More directives will be added if/when someone needs them!
> Add support for missing CSP directives
> --------------------------------------
>
> Key: WICKET-7093
> URL: https://issues.apache.org/jira/browse/WICKET-7093
> Project: Wicket
> Issue Type: Improvement
> Components: wicket
> Affects Versions: 9.16.0
> Reporter: Martin Tzvetanov Grigorov
> Assignee: Martin Tzvetanov Grigorov
> Priority: Minor
> Fix For: 10.0.0-M3, 9.17.0
>
>
> A user at StackOverflow reported that the CSP directive `form-action` is not supported: https://stackoverflow.com/questions/77768942/missing-form-action-csp-directive-in-cspdirective
> Looking at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/form-action and https://github.com/apache/wicket/blob/c4a77c4ee7b7ec1dd5d071ed6e1e41a9946d6758/wicket-core/src/main/java/org/apache/wicket/csp/CSPDirective.java#L36-L48 I think there are few more that are listed in the CSPDirective enum.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)