Posted to dev@wicket.apache.org by Maxim Solodovnik <so...@gmail.com> on 2020/03/13 09:03:11 UTC
Re: [wicket] branch master updated: WICKET-6727: only render CSP on RenderPageRequestHandler
Hello Emond,
It seems you accidentally re-formatted the license header ...
On Fri, 13 Mar 2020 at 15:44, <pa...@apache.org> wrote:
>
> This is an automated email from the ASF dual-hosted git repository.
>
> papegaaij pushed a commit to branch master
> in repository https://gitbox.apache.org/repos/asf/wicket.git
>
>
> The following commit(s) were added to refs/heads/master by this push:
> new 1619809 WICKET-6727: only render CSP on RenderPageRequestHandler
> 1619809 is described below
>
> commit 16198099d8a965f17c85d2de7a6dce36b000ec26
> Author: Emond Papegaaij <em...@topicus.nl>
> AuthorDate: Fri Mar 13 09:44:36 2020 +0100
>
> WICKET-6727: only render CSP on RenderPageRequestHandler
> ---
> .../apache/wicket/csp/CSPRequestCycleListener.java | 8 +--
> .../apache/wicket/examples/csp/NonceDemoPage.html | 1 +
> .../apache/wicket/examples/csp/NonceDemoPage.java | 71 ++++++++++++----------
> 3 files changed, 45 insertions(+), 35 deletions(-)
>
> diff --git a/wicket-core/src/main/java/org/apache/wicket/csp/CSPRequestCycleListener.java b/wicket-core/src/main/java/org/apache/wicket/csp/CSPRequestCycleListener.java
> index f0acc52..3250174 100644
> --- a/wicket-core/src/main/java/org/apache/wicket/csp/CSPRequestCycleListener.java
> +++ b/wicket-core/src/main/java/org/apache/wicket/csp/CSPRequestCycleListener.java
> @@ -16,8 +16,8 @@
> */
> package org.apache.wicket.csp;
>
> -import org.apache.wicket.core.request.handler.BufferedResponseRequestHandler;
> import org.apache.wicket.core.request.handler.IPageClassRequestHandler;
> +import org.apache.wicket.core.request.handler.RenderPageRequestHandler;
> import org.apache.wicket.request.IRequestHandler;
> import org.apache.wicket.request.IRequestHandlerDelegate;
> import org.apache.wicket.request.cycle.IRequestCycleListener;
> @@ -81,11 +81,11 @@ public class CSPRequestCycleListener implements IRequestCycleListener
> {
> return mustProtect(((IRequestHandlerDelegate)handler).getDelegateHandler());
> }
> - if (handler instanceof IPageClassRequestHandler)
> + if (handler instanceof RenderPageRequestHandler)
> {
> - return settings.mustProtectPageRequest((IPageClassRequestHandler)handler);
> + return settings.mustProtectPageRequest((RenderPageRequestHandler)handler);
> }
> - return !(handler instanceof BufferedResponseRequestHandler);
> + return false;
> }
>
> }
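Review bot: The fallthrough in `mustProtect` now fails open: with `return false;`, every handler that is neither an `IRequestHandlerDelegate` nor a `RenderPageRequestHandler` gets no CSP header, whereas the removed line protected everything except `BufferedResponseRequestHandler`. This looks intended by WICKET-6727, but other `IPageClassRequestHandler` implementations and any custom handler that writes HTML itself are now silently left without a policy, so the reason should be recorded at the return, e.g. `// Only full page renders carry CSP headers; every other handler is intentionally left without one.` A test asserting which handler types do and do not receive the header would keep a later refactoring from widening or narrowing this by accident. The body of `mustProtect` starts outside the hunk, and the `IPageClassRequestHandler` import kept in the first hunk may now be unused unless the file references it elsewhere.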
> diff --git a/wicket-examples/src/main/java/org/apache/wicket/examples/csp/NonceDemoPage.html b/wicket-examples/src/main/java/org/apache/wicket/examples/csp/NonceDemoPage.html
> index 32549a7..d22b416 100644
> --- a/wicket-examples/src/main/java/org/apache/wicket/examples/csp/NonceDemoPage.html
> +++ b/wicket-examples/src/main/java/org/apache/wicket/examples/csp/NonceDemoPage.html
> @@ -13,6 +13,7 @@
> <p></p>
> <button wicket:id="clickMe"><wicket:message key="clickMe" /></button>
> <div class="click-me-text">Click a button above to replace this text</div>
> + <div wicket:id="blacktext">This text will stay black even though color:red is added by the button above</div>
> <div><wicket:message key="clickMeCount" /> <span wicket:id="clickMeCount"></span></div>
> <p></p>
> <div wicket:id="delayedVisible" class="delayed-visible">This delayed shown text should be green and bold</div>
> diff --git a/wicket-examples/src/main/java/org/apache/wicket/examples/csp/NonceDemoPage.java b/wicket-examples/src/main/java/org/apache/wicket/examples/csp/NonceDemoPage.java
> index dce8079..4fe81b0 100644
> --- a/wicket-examples/src/main/java/org/apache/wicket/examples/csp/NonceDemoPage.java
> +++ b/wicket-examples/src/main/java/org/apache/wicket/examples/csp/NonceDemoPage.java
> @@ -1,21 +1,16 @@
> /*
> - * Licensed to the Apache Software Foundation (ASF) under one or more
> - * contributor license agreements. See the NOTICE file distributed with
> - * this work for additional information regarding copyright ownership.
> - * The ASF licenses this file to You under the Apache License, Version 2.0
> - * (the "License"); you may not use this file except in compliance with
> - * the License. You may obtain a copy of the License at
> - *
> - * http://www.apache.org/licenses/LICENSE-2.0
> - *
> - * Unless required by applicable law or agreed to in writing, software
> - * distributed under the License is distributed on an "AS IS" BASIS,
> - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> - * See the License for the specific language governing permissions and
> - * limitations under the License.
> + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
> + * agreements. See the NOTICE file distributed with this work for additional information regarding
> + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
> + * "License"); you may not use this file except in compliance with the License. You may obtain a
> + * copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable
> + * law or agreed to in writing, software distributed under the License is distributed on an "AS IS"
> + * BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License
> + * for the specific language governing permissions and limitations under the License.
> */
> package org.apache.wicket.examples.csp;
>
> +import org.apache.wicket.AttributeModifier;
> import org.apache.wicket.ajax.AjaxRequestTarget;
> import org.apache.wicket.ajax.markup.html.AjaxLink;
> import org.apache.wicket.examples.WicketExamplePage;
> @@ -35,10 +30,13 @@ import org.apache.wicket.request.resource.ResourceReference;
> */
> public class NonceDemoPage extends WicketExamplePage
> {
> -
> - private static final ResourceReference JS_DELAYED = new JavaScriptResourceReference(NonceDemoPage.class, "delayedVisible.js");
> - private static final ResourceReference CSS_DELAYED = new CssResourceReference(NonceDemoPage.class, "delayedVisible.css");
> -
> +
> + private static final ResourceReference JS_DELAYED =
> + new JavaScriptResourceReference(NonceDemoPage.class, "delayedVisible.js");
> +
> + private static final ResourceReference CSS_DELAYED =
> + new CssResourceReference(NonceDemoPage.class, "delayedVisible.css");
> +
> private final IModel<Integer> clickMeCountModel = Model.of(0);
>
> public NonceDemoPage()
> @@ -50,13 +48,16 @@ public class NonceDemoPage extends WicketExamplePage
> final Label clickMeCount = new Label("clickMeCount", clickMeCountModel);
> clickMeCount.setOutputMarkupId(true);
> add(clickMeCount);
> -
> - final WebMarkupContainer delayedVisible = new WebMarkupContainer("delayedVisible") {
> +
> + final WebMarkupContainer delayedVisible = new WebMarkupContainer("delayedVisible")
> + {
> + private static final long serialVersionUID = 1L;
> +
> @Override
> public void renderHead(IHeaderResponse response)
> {
> super.renderHead(response);
> -
> +
> response.render(JavaScriptHeaderItem.forReference(JS_DELAYED));
> response.render(CssHeaderItem.forReference(CSS_DELAYED));
> }
> @@ -65,8 +66,14 @@ public class NonceDemoPage extends WicketExamplePage
> delayedVisible.setVisible(false);
> add(delayedVisible);
>
> + WebMarkupContainer blacktext = new WebMarkupContainer("blacktext");
> + blacktext.setOutputMarkupId(true);
> + add(blacktext);
> +
> add(new AjaxLink<String>("clickMe")
> {
> + private static final long serialVersionUID = 1L;
> +
> @Override
> public void onClick(AjaxRequestTarget target)
> {
> @@ -75,11 +82,15 @@ public class NonceDemoPage extends WicketExamplePage
> // target.add (works even without unsafe-eval)
> target.add(clickMeCount);
>
> - // append javascript (won't work without unsafe-eval)
> - target.appendJavaScript("document.querySelector(\".click-me-text\").innerHTML = \"replaced\";");
> -
> + // append javascript (works even without unsafe-eval)
> + target.appendJavaScript(
> + "document.querySelector(\".click-me-text\").innerHTML = \"replaced\";");
> +
> delayedVisible.setVisible(true);
> target.add(delayedVisible);
> +
> + blacktext.add(AttributeModifier.replace("style", "color: red"));
> + target.add(blacktext);
> }
> }.setOutputMarkupId(true));
> }
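Review bot: `blacktext.add(AttributeModifier.replace("style", "color: red"));` runs inside `onClick`, so every click attaches one more behavior to the component and the list grows with the page state. Adding it only once, e.g. guarding with `if (blacktext.getBehaviors(AttributeModifier.class).isEmpty())`, keeps the demo's effect without the accumulation. The added lines also carry no comment saying that the inline `style` attribute is expected to be blocked by the policy. That expectation is only inferred from the "will stay black" text in the HTML hunk, so a line such as `// inline style attribute: the CSP is expected to block it, so the text stays black` would stop a reader from taking it for a bug. The `onClick` body starts outside the hunk.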
> @@ -90,14 +101,12 @@ public class NonceDemoPage extends WicketExamplePage
> super.renderHead(response);
> // Add inline script with nonce
> response.render(JavaScriptHeaderItem.forScript(
> - "$(function(){$(\".test-nonce-script\").html(\"Text injected by script with nonce: success\");});",
> - "test-nonce-script"
> - ));
> + "$(function(){$(\".test-nonce-script\").html(\"Text injected by script with nonce: success\");});",
> + "test-nonce-script"));
> // Add inline css with nonce
> - response.render(CssHeaderItem.forCSS(
> - ".injected-style--with-nonce{color: green; font-weight: bold;}",
> - "injected-style-with-nonce")
> - );
> + response.render(
> + CssHeaderItem.forCSS(".injected-style--with-nonce{color: green; font-weight: bold;}",
> + "injected-style-with-nonce"));
> }
>
> @Override
>
--
WBR
Maxim aka solomax
Re: [wicket] branch master updated: WICKET-6727: only render CSP on RenderPageRequestHandler
Posted by Emond Papegaaij <em...@gmail.com>.
Yes, you are right. Martin beat me to fixing it :) The file had some
formatting issues, so I pressed Ctrl-Shift-F and forgot about the
license header.
Emond
On Fri, Mar 13, 2020 at 10:03 AM Maxim Solodovnik <so...@gmail.com> wrote:
>
> Hello Edmond,
>
> It seems you accidentally re-format license header ...
>
> On Fri, 13 Mar 2020 at 15:44, <pa...@apache.org> wrote:
> >
> > This is an automated email from the ASF dual-hosted git repository.
> >
> > papegaaij pushed a commit to branch master
> > in repository https://gitbox.apache.org/repos/asf/wicket.git
> >
> >
> > The following commit(s) were added to refs/heads/master by this push:
> > new 1619809 WICKET-6727: only render CSP on RenderPageRequestHandler
> > 1619809 is described below
> >
> > commit 16198099d8a965f17c85d2de7a6dce36b000ec26
> > Author: Emond Papegaaij <em...@topicus.nl>
> > AuthorDate: Fri Mar 13 09:44:36 2020 +0100
> >
> > WICKET-6727: only render CSP on RenderPageRequestHandler
> > ---
> > .../apache/wicket/csp/CSPRequestCycleListener.java | 8 +--
> > .../apache/wicket/examples/csp/NonceDemoPage.html | 1 +
> > .../apache/wicket/examples/csp/NonceDemoPage.java | 71 ++++++++++++----------
> > 3 files changed, 45 insertions(+), 35 deletions(-)
> >
> > diff --git a/wicket-core/src/main/java/org/apache/wicket/csp/CSPRequestCycleListener.java b/wicket-core/src/main/java/org/apache/wicket/csp/CSPRequestCycleListener.java
> > index f0acc52..3250174 100644
> > --- a/wicket-core/src/main/java/org/apache/wicket/csp/CSPRequestCycleListener.java
> > +++ b/wicket-core/src/main/java/org/apache/wicket/csp/CSPRequestCycleListener.java
> > @@ -16,8 +16,8 @@
> > */
> > package org.apache.wicket.csp;
> >
> > -import org.apache.wicket.core.request.handler.BufferedResponseRequestHandler;
> > import org.apache.wicket.core.request.handler.IPageClassRequestHandler;
> > +import org.apache.wicket.core.request.handler.RenderPageRequestHandler;
> > import org.apache.wicket.request.IRequestHandler;
> > import org.apache.wicket.request.IRequestHandlerDelegate;
> > import org.apache.wicket.request.cycle.IRequestCycleListener;
> > @@ -81,11 +81,11 @@ public class CSPRequestCycleListener implements IRequestCycleListener
> > {
> > return mustProtect(((IRequestHandlerDelegate)handler).getDelegateHandler());
> > }
> > - if (handler instanceof IPageClassRequestHandler)
> > + if (handler instanceof RenderPageRequestHandler)
> > {
> > - return settings.mustProtectPageRequest((IPageClassRequestHandler)handler);
> > + return settings.mustProtectPageRequest((RenderPageRequestHandler)handler);
> > }
> > - return !(handler instanceof BufferedResponseRequestHandler);
> > + return false;
> > }
> >
> > }
> > diff --git a/wicket-examples/src/main/java/org/apache/wicket/examples/csp/NonceDemoPage.html b/wicket-examples/src/main/java/org/apache/wicket/examples/csp/NonceDemoPage.html
> > index 32549a7..d22b416 100644
> > --- a/wicket-examples/src/main/java/org/apache/wicket/examples/csp/NonceDemoPage.html
> > +++ b/wicket-examples/src/main/java/org/apache/wicket/examples/csp/NonceDemoPage.html
> > @@ -13,6 +13,7 @@
> > <p></p>
> > <button wicket:id="clickMe"><wicket:message key="clickMe" /></button>
> > <div class="click-me-text">Click a button above to replace this text</div>
> > + <div wicket:id="blacktext">This text will stay black even though color:red is added by the button above</div>
> > <div><wicket:message key="clickMeCount" /> <span wicket:id="clickMeCount"></span></div>
> > <p></p>
> > <div wicket:id="delayedVisible" class="delayed-visible">This delayed shown text should be green and bold</div>
> > diff --git a/wicket-examples/src/main/java/org/apache/wicket/examples/csp/NonceDemoPage.java b/wicket-examples/src/main/java/org/apache/wicket/examples/csp/NonceDemoPage.java
> > index dce8079..4fe81b0 100644
> > --- a/wicket-examples/src/main/java/org/apache/wicket/examples/csp/NonceDemoPage.java
> > +++ b/wicket-examples/src/main/java/org/apache/wicket/examples/csp/NonceDemoPage.java
> > @@ -1,21 +1,16 @@
> > /*
> > - * Licensed to the Apache Software Foundation (ASF) under one or more
> > - * contributor license agreements. See the NOTICE file distributed with
> > - * this work for additional information regarding copyright ownership.
> > - * The ASF licenses this file to You under the Apache License, Version 2.0
> > - * (the "License"); you may not use this file except in compliance with
> > - * the License. You may obtain a copy of the License at
> > - *
> > - * http://www.apache.org/licenses/LICENSE-2.0
> > - *
> > - * Unless required by applicable law or agreed to in writing, software
> > - * distributed under the License is distributed on an "AS IS" BASIS,
> > - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> > - * See the License for the specific language governing permissions and
> > - * limitations under the License.
> > + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
> > + * agreements. See the NOTICE file distributed with this work for additional information regarding
> > + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
> > + * "License"); you may not use this file except in compliance with the License. You may obtain a
> > + * copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable
> > + * law or agreed to in writing, software distributed under the License is distributed on an "AS IS"
> > + * BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License
> > + * for the specific language governing permissions and limitations under the License.
> > */
> > package org.apache.wicket.examples.csp;
> >
> > +import org.apache.wicket.AttributeModifier;
> > import org.apache.wicket.ajax.AjaxRequestTarget;
> > import org.apache.wicket.ajax.markup.html.AjaxLink;
> > import org.apache.wicket.examples.WicketExamplePage;
> > @@ -35,10 +30,13 @@ import org.apache.wicket.request.resource.ResourceReference;
> > */
> > public class NonceDemoPage extends WicketExamplePage
> > {
> > -
> > - private static final ResourceReference JS_DELAYED = new JavaScriptResourceReference(NonceDemoPage.class, "delayedVisible.js");
> > - private static final ResourceReference CSS_DELAYED = new CssResourceReference(NonceDemoPage.class, "delayedVisible.css");
> > -
> > +
> > + private static final ResourceReference JS_DELAYED =
> > + new JavaScriptResourceReference(NonceDemoPage.class, "delayedVisible.js");
> > +
> > + private static final ResourceReference CSS_DELAYED =
> > + new CssResourceReference(NonceDemoPage.class, "delayedVisible.css");
> > +
> > private final IModel<Integer> clickMeCountModel = Model.of(0);
> >
> > public NonceDemoPage()
> > @@ -50,13 +48,16 @@ public class NonceDemoPage extends WicketExamplePage
> > final Label clickMeCount = new Label("clickMeCount", clickMeCountModel);
> > clickMeCount.setOutputMarkupId(true);
> > add(clickMeCount);
> > -
> > - final WebMarkupContainer delayedVisible = new WebMarkupContainer("delayedVisible") {
> > +
> > + final WebMarkupContainer delayedVisible = new WebMarkupContainer("delayedVisible")
> > + {
> > + private static final long serialVersionUID = 1L;
> > +
> > @Override
> > public void renderHead(IHeaderResponse response)
> > {
> > super.renderHead(response);
> > -
> > +
> > response.render(JavaScriptHeaderItem.forReference(JS_DELAYED));
> > response.render(CssHeaderItem.forReference(CSS_DELAYED));
> > }
> > @@ -65,8 +66,14 @@ public class NonceDemoPage extends WicketExamplePage
> > delayedVisible.setVisible(false);
> > add(delayedVisible);
> >
> > + WebMarkupContainer blacktext = new WebMarkupContainer("blacktext");
> > + blacktext.setOutputMarkupId(true);
> > + add(blacktext);
> > +
> > add(new AjaxLink<String>("clickMe")
> > {
> > + private static final long serialVersionUID = 1L;
> > +
> > @Override
> > public void onClick(AjaxRequestTarget target)
> > {
> > @@ -75,11 +82,15 @@ public class NonceDemoPage extends WicketExamplePage
> > // target.add (works even without unsafe-eval)
> > target.add(clickMeCount);
> >
> > - // append javascript (won't work without unsafe-eval)
> > - target.appendJavaScript("document.querySelector(\".click-me-text\").innerHTML = \"replaced\";");
> > -
> > + // append javascript (works even without unsafe-eval)
> > + target.appendJavaScript(
> > + "document.querySelector(\".click-me-text\").innerHTML = \"replaced\";");
> > +
> > delayedVisible.setVisible(true);
> > target.add(delayedVisible);
> > +
> > + blacktext.add(AttributeModifier.replace("style", "color: red"));
> > + target.add(blacktext);
> > }
> > }.setOutputMarkupId(true));
> > }
> > @@ -90,14 +101,12 @@ public class NonceDemoPage extends WicketExamplePage
> > super.renderHead(response);
> > // Add inline script with nonce
> > response.render(JavaScriptHeaderItem.forScript(
> > - "$(function(){$(\".test-nonce-script\").html(\"Text injected by script with nonce: success\");});",
> > - "test-nonce-script"
> > - ));
> > + "$(function(){$(\".test-nonce-script\").html(\"Text injected by script with nonce: success\");});",
> > + "test-nonce-script"));
> > // Add inline css with nonce
> > - response.render(CssHeaderItem.forCSS(
> > - ".injected-style--with-nonce{color: green; font-weight: bold;}",
> > - "injected-style-with-nonce")
> > - );
> > + response.render(
> > + CssHeaderItem.forCSS(".injected-style--with-nonce{color: green; font-weight: bold;}",
> > + "injected-style-with-nonce"));
> > }
> >
> > @Override
> >
>
>
> --
> WBR
> Maxim aka solomax