You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by "Walter B. Rasmann (JIRA)" <ji...@apache.org> on 2013/08/16 14:15:47 UTC
[jira] [Updated] (WICKET-5319) CryptoMapper encrypts external URLs
in ResourceReferences making the resources inaccessible
[ https://issues.apache.org/jira/browse/WICKET-5319?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Walter B. Rasmann updated WICKET-5319:
--------------------------------------
Attachment: jsref.tar.gz
code example (runable in wicket-examples)
> CryptoMapper encrypts external URLs in ResourceReferences making the resources inaccessible
> -------------------------------------------------------------------------------------------
>
> Key: WICKET-5319
> URL: https://issues.apache.org/jira/browse/WICKET-5319
> Project: Wicket
> Issue Type: Bug
> Affects Versions: 6.9.1
> Environment: Linux
> Reporter: Walter B. Rasmann
> Priority: Minor
> Attachments: jsref.tar.gz
>
>
> Short Description:
> CryptoMapper encrypts links to resources with URLs of the form:
> - http://domain/path/script.js
> - /local/absolute/path/script.js
> Additionally there might be some inconsistencies in handling URLs in instances of ResourceReference.
> The problem occurs when JavaScript resources are included in the following way:
> @Override
> public void renderHead(IHeaderResponse response)
> {
> super.renderHead(response);
>
> UrlResourceReference reference = new UrlResourceReference(Url.parse("http://domain/path/script.js"));
> response.render(reference);
> }
> The resulting JavaScript links can't be loaded (404 is returned) when CryptoMapper is used.
> This is a minor problem, because the following always works for JavaScript files not served by Wicket ("external JavaScript files"):
> response.render(new StringHeaderItem("<script type=\"text/javascript\" src=\"//domain/myPath/manual.js\"></script>");
> Ways to reproduce:
> A code example for wicket-examples is attached (example.zip)
> Local URLs:
> http://localhost:8080/jsref/enc/index
> http://localhost:8080/jsref/unenc/index
> Possible fix:
> - disable encryption for URLs beginning with '/', '<schema>://' and '//' and not served/filtered by Wicket
> (
> - define different reference classes for external files and files served/filtered by Wicket, issue warnings when a wrong URL type is supplied by the user or treat URLs beginning with '/', '<schema>://' and '//' differently
> )
> Thank you
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira