You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@myfaces.apache.org by lo...@apache.org on 2013/08/30 12:20:53 UTC
svn commit: r1518930 - in /myfaces/tobago/trunk:
tobago-core/src/main/java/org/apache/myfaces/tobago/config/
tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/
tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/ tobago-core/sr...
Author: lofwyr
Date: Fri Aug 30 10:20:53 2013
New Revision: 1518930
URL: http://svn.apache.org/r1518930
Log:
TOBAGO-1298: Re-implement TobagoConfigParser
TOBAGO-1171: Support for the Content Security Policy (CSP)
- config: new it's possible to add or replace resource entries
- config: replace by empty list disables CSP
- CSP is enabled by default, now
Added:
myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-merge-0.xml
- copied, changed from r1518618, myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-0.xml
myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-merge-1.xml
- copied, changed from r1518618, myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-1.xml
myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-merge-2.xml
Removed:
myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-0.xml
myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-1.xml
Modified:
myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/config/TobagoConfig.java
myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigFragment.java
myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigImpl.java
myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigParser.java
myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigSorter.java
myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/TobagoResponseWriter.java
myfaces/tobago/trunk/tobago-core/src/main/resources/org/apache/myfaces/tobago/config/tobago-config-2.0.xsd
myfaces/tobago/trunk/tobago-core/src/test/java/org/apache/myfaces/tobago/internal/config/TobagoConfigMergingUnitTest.java
myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-2.0.xml
myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml
myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/content/30-object/object.js
myfaces/tobago/trunk/tobago-theme/tobago-theme-scarborough/src/main/java/org/apache/myfaces/tobago/renderkit/html/scarborough/standard/tag/PageRenderer.java
myfaces/tobago/trunk/tobago-theme/tobago-theme-standard/src/main/resources/META-INF/tobago-config.xml
Modified: myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/config/TobagoConfig.java
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/config/TobagoConfig.java?rev=1518930&r1=1518929&r2=1518930&view=diff
==============================================================================
--- myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/config/TobagoConfig.java (original)
+++ myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/config/TobagoConfig.java Fri Aug 30 10:20:53 2013
@@ -43,32 +43,26 @@ public abstract class TobagoConfig {
public abstract List<Theme> getSupportedThemes();
/*
- // todo: should this be part of the api?
+ // TBD: should this be part of the public api?
public abstract void addResourceDir(String resourceDir);
*/
/*
- // todo: should this be part of the api?
+ // TBD: should this be part of the public api?
public abstract List<String> getResourceDirs();
*/
- /**
- * @deprecated since 1.5.0
- */
- @Deprecated
- public abstract boolean isAjaxEnabled();
-
public abstract Theme getDefaultTheme();
/*
- // todo: should this be part of the api?
+ // TBD: should this be part of the public api?
public abstract RenderersConfig getRenderersConfig();
*/
public abstract ProjectStage getProjectStage();
/*
- // todo: should this be part of the api?
+ // TBD: should this be part of the public api?
public abstract List<Theme> getThemeDefinitions();
*/
@@ -80,4 +74,6 @@ public abstract class TobagoConfig {
public abstract List<String> getContentSecurityPolicy();
+ public abstract boolean isContentSecurityPolicyActive();
+
}
Modified: myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigFragment.java
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigFragment.java?rev=1518930&r1=1518929&r2=1518930&view=diff
==============================================================================
--- myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigFragment.java (original)
+++ myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigFragment.java Fri Aug 30 10:20:53 2013
@@ -44,7 +44,7 @@ public class TobagoConfigFragment {
private Boolean checkSessionSecret;
private Boolean preventFrameAttacks;
private List<String> contentSecurityPolicy;
- // todo
+ private boolean contentSecurityPolicyExtensionModeReplace;
private List<ThemeImpl> themeDefinitions;
private URL url;
@@ -164,6 +164,14 @@ public class TobagoConfigFragment {
contentSecurityPolicy.add(directive);
}
+ public boolean isContentSecurityPolicyExtensionModeReplace() {
+ return contentSecurityPolicyExtensionModeReplace;
+ }
+
+ public void setContentSecurityPolicyExtensionModeReplace(boolean contentSecurityPolicyExtensionModeReplace) {
+ this.contentSecurityPolicyExtensionModeReplace = contentSecurityPolicyExtensionModeReplace;
+ }
+
/** @deprecated since 1.5.0 */
@Deprecated
public void setFixResourceOrder(String value) {
Modified: myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigImpl.java
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigImpl.java?rev=1518930&r1=1518929&r2=1518930&view=diff
==============================================================================
--- myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigImpl.java (original)
+++ myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigImpl.java Fri Aug 30 10:20:53 2013
@@ -290,6 +290,10 @@ public class TobagoConfigImpl extends To
contentSecurityPolicy.add(directive);
}
+ public boolean isContentSecurityPolicyActive() {
+ return contentSecurityPolicy.size() > 0;
+ }
+
public Map<String, String> getDefaultValidatorInfo() {
// TODO: if the startup hasn't found a FacesContext and Application, this may depend on the order of the listeners.
Modified: myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigParser.java
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigParser.java?rev=1518930&r1=1518929&r2=1518930&view=diff
==============================================================================
--- myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigParser.java (original)
+++ myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigParser.java Fri Aug 30 10:20:53 2013
@@ -141,9 +141,8 @@ public class TobagoConfigParser extends
break;
case CONTENT_SECURITY_POLICY:
- LOG.warn("todo: not implemented yet!"); // todo
- attributes.getValue("disabled");
- attributes.getValue("replace");
+ final String extensionMode = attributes.getValue("extension-mode");
+ tobagoConfig.setContentSecurityPolicyExtensionModeReplace("replace".equals(extensionMode));
break;
case RENDERERS:
Modified: myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigSorter.java
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigSorter.java?rev=1518930&r1=1518929&r2=1518930&view=diff
==============================================================================
--- myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigSorter.java (original)
+++ myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigSorter.java Fri Aug 30 10:20:53 2013
@@ -103,8 +103,12 @@ public class TobagoConfigSorter implemen
result.setPreventFrameAttacks(fragment.getPreventFrameAttacks());
}
- for(String directive : fragment.getContentSecurityPolicy()) {
- result.addContentSecurityPolicy(directive);
+ if (fragment.isContentSecurityPolicyExtensionModeReplace()) {
+ result.getContentSecurityPolicy().clear();
+ } else {
+ for (String directive : fragment.getContentSecurityPolicy()) {
+ result.addContentSecurityPolicy(directive);
+ }
}
// theme definition
Modified: myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/TobagoResponseWriter.java
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/TobagoResponseWriter.java?rev=1518930&r1=1518929&r2=1518930&view=diff
==============================================================================
--- myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/TobagoResponseWriter.java (original)
+++ myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/TobagoResponseWriter.java Fri Aug 30 10:20:53 2013
@@ -169,7 +169,7 @@ public abstract class TobagoResponseWrit
*/
public void writeStyleAttribute(Style style) throws IOException {
if (style != null) {
- if (TobagoConfig.getInstance(FacesContext.getCurrentInstance()).getContentSecurityPolicy().size() > 0) {
+ if (TobagoConfig.getInstance(FacesContext.getCurrentInstance()).isContentSecurityPolicyActive()) {
// final long a = System.nanoTime();
Modified: myfaces/tobago/trunk/tobago-core/src/main/resources/org/apache/myfaces/tobago/config/tobago-config-2.0.xsd
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/tobago-core/src/main/resources/org/apache/myfaces/tobago/config/tobago-config-2.0.xsd?rev=1518930&r1=1518929&r2=1518930&view=diff
==============================================================================
--- myfaces/tobago/trunk/tobago-core/src/main/resources/org/apache/myfaces/tobago/config/tobago-config-2.0.xsd (original)
+++ myfaces/tobago/trunk/tobago-core/src/main/resources/org/apache/myfaces/tobago/config/tobago-config-2.0.xsd Fri Aug 30 10:20:53 2013
@@ -71,8 +71,8 @@
<xs:element name="theme-definitions" type="tobago:theme-definitions-type" minOccurs="0"/>
</xs:sequence>
<xs:attribute name="version"
- type="tobago:tobago-config-version-type"
- use="required"/>
+ type="tobago:tobago-config-version-type"
+ use="required"/>
</xs:complexType>
<xs:simpleType name="tobago-config-version-type">
@@ -103,14 +103,20 @@
<xs:complexType name="content-security-policy-type">
<xs:sequence>
- <xs:element name="directive" type="xs:string" maxOccurs="unbounded"/>
+ <xs:element name="directive" type="xs:string" maxOccurs="unbounded" minOccurs="0"/>
</xs:sequence>
-<!--
- <xs:attribute name="disabled" type="xs:boolean" default="false"/>
- <xs:attribute name="replace" type="xs:boolean" default="false"/>
--->
+ <xs:attribute name="extension-mode"
+ type="tobago:extension-mode-type"
+ default="add"/>
</xs:complexType>
+ <xs:simpleType name="extension-mode-type">
+ <xs:restriction base="xs:token">
+ <xs:enumeration value="add"/>
+ <xs:enumeration value="replace"/>
+ </xs:restriction>
+ </xs:simpleType>
+
<xs:complexType name="renderers-type">
<xs:sequence>
<xs:element name="renderer" type="tobago:renderer-type" maxOccurs="unbounded"/>
Modified: myfaces/tobago/trunk/tobago-core/src/test/java/org/apache/myfaces/tobago/internal/config/TobagoConfigMergingUnitTest.java
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/tobago-core/src/test/java/org/apache/myfaces/tobago/internal/config/TobagoConfigMergingUnitTest.java?rev=1518930&r1=1518929&r2=1518930&view=diff
==============================================================================
--- myfaces/tobago/trunk/tobago-core/src/test/java/org/apache/myfaces/tobago/internal/config/TobagoConfigMergingUnitTest.java (original)
+++ myfaces/tobago/trunk/tobago-core/src/test/java/org/apache/myfaces/tobago/internal/config/TobagoConfigMergingUnitTest.java Fri Aug 30 10:20:53 2013
@@ -37,8 +37,8 @@ public class TobagoConfigMergingUnitTest
throws IOException, SAXException, ParserConfigurationException, URISyntaxException {
final TobagoConfigImpl config = loadAndMerge(
- "tobago-config-0.xml",
- "tobago-config-1.xml");
+ "tobago-config-merge-0.xml",
+ "tobago-config-merge-1.xml");
Assert.assertFalse(config.isPreventFrameAttacks());
}
@@ -47,7 +47,7 @@ public class TobagoConfigMergingUnitTest
public void testPreventFrameAttacks()
throws IOException, SAXException, ParserConfigurationException, URISyntaxException {
- final TobagoConfigImpl config = loadAndMerge("tobago-config-0.xml");
+ final TobagoConfigImpl config = loadAndMerge("tobago-config-merge-0.xml");
Assert.assertFalse(config.isPreventFrameAttacks());
}
@@ -56,11 +56,50 @@ public class TobagoConfigMergingUnitTest
public void testPreventFrameAttacksDefault()
throws IOException, SAXException, ParserConfigurationException, URISyntaxException {
- final TobagoConfigImpl config = loadAndMerge("tobago-config-1.xml");
+ final TobagoConfigImpl config = loadAndMerge("tobago-config-merge-1.xml");
Assert.assertTrue(config.isPreventFrameAttacks());
}
+ @Test
+ public void testContentSecurityPolicy()
+ throws IOException, SAXException, ParserConfigurationException, URISyntaxException {
+
+ final TobagoConfigImpl config = loadAndMerge(
+ "tobago-config-merge-0.xml");
+
+ Assert.assertTrue(config.isContentSecurityPolicyActive());
+ Assert.assertEquals(1, config.getContentSecurityPolicy().size());
+ Assert.assertEquals("default-src 'self'", config.getContentSecurityPolicy().get(0));
+ }
+
+ @Test
+ public void testContentSecurityPolicyExtend()
+ throws IOException, SAXException, ParserConfigurationException, URISyntaxException {
+
+ final TobagoConfigImpl config = loadAndMerge(
+ "tobago-config-merge-0.xml",
+ "tobago-config-merge-1.xml");
+
+ Assert.assertTrue(config.isContentSecurityPolicyActive());
+ Assert.assertEquals(2, config.getContentSecurityPolicy().size());
+ Assert.assertEquals("default-src 'self'", config.getContentSecurityPolicy().get(0));
+ Assert.assertEquals("image-src http://apache.org", config.getContentSecurityPolicy().get(1));
+ }
+
+ @Test
+ public void testContentSecurityPolicyOff()
+ throws IOException, SAXException, ParserConfigurationException, URISyntaxException {
+
+ final TobagoConfigImpl config = loadAndMerge(
+ "tobago-config-merge-0.xml",
+ "tobago-config-merge-1.xml",
+ "tobago-config-merge-2.xml");
+
+ Assert.assertFalse(config.isContentSecurityPolicyActive());
+ Assert.assertEquals(0, config.getContentSecurityPolicy().size());
+ }
+
private TobagoConfigImpl loadAndMerge(String... names)
throws IOException, SAXException, ParserConfigurationException, URISyntaxException {
Modified: myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-2.0.xml
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-2.0.xml?rev=1518930&r1=1518929&r2=1518930&view=diff
==============================================================================
--- myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-2.0.xml (original)
+++ myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-2.0.xml Fri Aug 30 10:20:53 2013
@@ -48,10 +48,7 @@
<check-session-secret>false</check-session-secret>
<prevent-frame-attacks>false</prevent-frame-attacks>
-<!-- TODO
- <content-security-policy disabled="true" replace="true">
--->
- <content-security-policy>
+ <content-security-policy extension-mode="replace">
<directive>default-src 'self'</directive>
<directive>frame-src http://apache.org</directive>
</content-security-policy>
Copied: myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-merge-0.xml (from r1518618, myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-0.xml)
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-merge-0.xml?p2=myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-merge-0.xml&p1=myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-0.xml&r1=1518618&r2=1518930&rev=1518930&view=diff
==============================================================================
--- myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-0.xml (original)
+++ myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-merge-0.xml Fri Aug 30 10:20:53 2013
@@ -27,4 +27,8 @@
<prevent-frame-attacks>false</prevent-frame-attacks>
+ <content-security-policy>
+ <directive>default-src 'self'</directive>
+ </content-security-policy>
+
</tobago-config>
Copied: myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-merge-1.xml (from r1518618, myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-1.xml)
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-merge-1.xml?p2=myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-merge-1.xml&p1=myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-1.xml&r1=1518618&r2=1518930&rev=1518930&view=diff
==============================================================================
--- myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-1.xml (original)
+++ myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-merge-1.xml Fri Aug 30 10:20:53 2013
@@ -31,4 +31,8 @@
</after>
</ordering>
+ <content-security-policy>
+ <directive>image-src http://apache.org</directive>
+ </content-security-policy>
+
</tobago-config>
Added: myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-merge-2.xml
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-merge-2.xml?rev=1518930&view=auto
==============================================================================
--- myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-merge-2.xml (added)
+++ myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-merge-2.xml Fri Aug 30 10:20:53 2013
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+-->
+
+<tobago-config
+ xmlns="http://myfaces.apache.org/tobago/tobago-config"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://myfaces.apache.org/tobago/tobago-config http://myfaces.apache.org/tobago/tobago-config-2.0.xsd"
+ version="2.0">
+
+ <name>name-2</name>
+
+ <ordering>
+ <after>
+ <name>name-1</name>
+ </after>
+ </ordering>
+
+ <content-security-policy extension-mode="replace">
+ </content-security-policy>
+
+</tobago-config>
Modified: myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml?rev=1518930&r1=1518929&r2=1518930&view=diff
==============================================================================
--- myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml (original)
+++ myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml Fri Aug 30 10:20:53 2013
@@ -27,12 +27,8 @@
<ordering>
<after>
- <name>test-1</name>
+ <name>tobago-theme-speyside</name>
</after>
- <before>
- <name>test-2</name>
- <name>test-3</name>
- </before>
</ordering>
<theme-config>
@@ -44,19 +40,10 @@
<resource-dir>tobago-resource</resource-dir>
-<!-- uncomment this to enable CSP -->
<content-security-policy>
- <directive>default-src 'self'</directive>
- <directive>frame-src http://maps.google.com</directive>
+ <directive>frame-src https://maps.google.com</directive>
</content-security-policy>
-<!-- this may be an alternative way to define (not implemented)
- <content-security-policy>
- <default-src>'self'</default-src>
- <image-src>images.irian.eu</image-src>
- </content-security-policy>
--->
-
<renderers>
<renderer>
Modified: myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/content/30-object/object.js
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/content/30-object/object.js?rev=1518930&r1=1518929&r2=1518930&view=diff
==============================================================================
--- myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/content/30-object/object.js (original)
+++ myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/content/30-object/object.js Fri Aug 30 10:20:53 2013
@@ -37,7 +37,7 @@
zoom = this.options.zoom;
}
var target = this.element.data("maps-target");
- var url = 'http://maps.google.com/maps?'
+ var url = 'https://maps.google.com/maps?'
+ 'ie=UTF8&ll=' + position + '&t=h&z=' + zoom + '&output=embed&f=q&cd=1';
jQuery(Tobago.Utils.escapeClientId(target)).attr('src', url);
}
Modified: myfaces/tobago/trunk/tobago-theme/tobago-theme-scarborough/src/main/java/org/apache/myfaces/tobago/renderkit/html/scarborough/standard/tag/PageRenderer.java
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/tobago-theme/tobago-theme-scarborough/src/main/java/org/apache/myfaces/tobago/renderkit/html/scarborough/standard/tag/PageRenderer.java?rev=1518930&r1=1518929&r2=1518930&view=diff
==============================================================================
--- myfaces/tobago/trunk/tobago-theme/tobago-theme-scarborough/src/main/java/org/apache/myfaces/tobago/renderkit/html/scarborough/standard/tag/PageRenderer.java (original)
+++ myfaces/tobago/trunk/tobago-theme/tobago-theme-scarborough/src/main/java/org/apache/myfaces/tobago/renderkit/html/scarborough/standard/tag/PageRenderer.java Fri Aug 30 10:20:53 2013
@@ -142,7 +142,9 @@ public class PageRenderer extends PageRe
ResponseUtils.ensureNoCacheHeader(facesContext);
- ResponseUtils.ensureContentSecurityPolicyHeader(facesContext, tobagoConfig.getContentSecurityPolicy());
+ if (tobagoConfig.isContentSecurityPolicyActive()) {
+ ResponseUtils.ensureContentSecurityPolicyHeader(facesContext, tobagoConfig.getContentSecurityPolicy());
+ }
if (LOG.isDebugEnabled()) {
for (Object o : page.getAttributes().entrySet()) {
Modified: myfaces/tobago/trunk/tobago-theme/tobago-theme-standard/src/main/resources/META-INF/tobago-config.xml
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/tobago-theme/tobago-theme-standard/src/main/resources/META-INF/tobago-config.xml?rev=1518930&r1=1518929&r2=1518930&view=diff
==============================================================================
--- myfaces/tobago/trunk/tobago-theme/tobago-theme-standard/src/main/resources/META-INF/tobago-config.xml (original)
+++ myfaces/tobago/trunk/tobago-theme/tobago-theme-standard/src/main/resources/META-INF/tobago-config.xml Fri Aug 30 10:20:53 2013
@@ -22,8 +22,15 @@
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://myfaces.apache.org/tobago/tobago-config http://myfaces.apache.org/tobago/tobago-config-2.0.xsd"
version="2.0">
+
<name>tobago-theme-standard</name>
+
<resource-dir>org/apache/myfaces/tobago/renderkit</resource-dir>
+
+ <content-security-policy>
+ <directive>default-src 'self'</directive>
+ </content-security-policy>
+
<theme-definitions>
<theme-definition>
<name>standard</name>