You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@wicket.apache.org by "Sven Meier (JIRA)" <ji...@apache.org> on 2013/08/19 09:14:48 UTC

[jira] [Commented] (WICKET-5319) CryptoMapper encrypts external URLs in ResourceReferences making the resources inaccessible

    [ https://issues.apache.org/jira/browse/WICKET-5319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13743591#comment-13743591 ] 

Sven Meier commented on WICKET-5319:
------------------------------------

Please attach a runnable quickstart, thanks!
                
> CryptoMapper encrypts external URLs in ResourceReferences making the resources inaccessible
> -------------------------------------------------------------------------------------------
>
>                 Key: WICKET-5319
>                 URL: https://issues.apache.org/jira/browse/WICKET-5319
>             Project: Wicket
>          Issue Type: Bug
>    Affects Versions: 6.9.1
>         Environment: Linux
>            Reporter: Walter B. Rasmann
>            Priority: Minor
>         Attachments: jsref.tar.gz
>
>
> Short Description: 
> CryptoMapper encrypts links to resources with URLs of the form:
>  - http://domain/path/script.js
>  - /local/absolute/path/script.js
> Additionally there might be some inconsistencies in handling URLs in instances of ResourceReference.
> The problem occurs when JavaScript resources are included in the following way:
> @Override
> public void renderHead(IHeaderResponse response)
> {
> 	super.renderHead(response);
> 	
> 	UrlResourceReference reference = new UrlResourceReference(Url.parse("http://domain/path/script.js"));
> 	response.render(reference);
> }
> The resulting JavaScript links can't be loaded (404 is returned) when CryptoMapper is used.
> This is a minor problem, because the following always works for JavaScript files not served by Wicket ("external JavaScript files"):
> response.render(new StringHeaderItem("<script type=\"text/javascript\" src=\"//domain/myPath/manual.js\"></script>");
> Ways to reproduce: 
>   A code example for wicket-examples is attached (example.zip)
>   Local URLs:
>      http://localhost:8080/jsref/enc/index
>      http://localhost:8080/jsref/unenc/index
> Possible fix: 
>  - disable encryption for URLs beginning with '/', '<schema>://' and '//' and not served/filtered by Wicket
>  (
>  - define different reference classes for external files and files served/filtered by Wicket, issue warnings when a wrong URL type is supplied by the user or treat URLs beginning with '/', '<schema>://' and '//' differently
>  )
> Thank you

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira