You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by "Sven Meier (JIRA)" <ji...@apache.org> on 2013/08/23 20:29:52 UTC
[jira] [Commented] (WICKET-5326) Wicket doesn't encrypt links and
Ajax URLs when CryptoMapper is used
[ https://issues.apache.org/jira/browse/WICKET-5326?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13748827#comment-13748827 ]
Sven Meier commented on WICKET-5326:
------------------------------------
Since WICKET-4865 urls to the home page are no longer encrypted. See CryptoMapperTest#homePageWithParameters():
"When the home page url is requested, with parameters, the url will contain only page parameters. It should not be encrypted, otherwise we get needless redirects."
I'm not sure which redirects @Martin is referring to. A quick test with removing the check url.getSegments().isEmpty() from CryptoMapper works fine for the quickstart.
> Wicket doesn't encrypt links and Ajax URLs when CryptoMapper is used
> --------------------------------------------------------------------
>
> Key: WICKET-5326
> URL: https://issues.apache.org/jira/browse/WICKET-5326
> Project: Wicket
> Issue Type: Bug
> Affects Versions: 6.10.0
> Environment: Linux
> Reporter: Walter B. Rasmann
> Labels: security
> Attachments: 5326.tar.gz
>
>
> URL encryption does not work in Wicket links and Ajax URLs.
> For links the URL appears unencrypted in the href attribute value and is only later forwarded to the encrypted URL using a 302 response.
> I am uploading a quickstart.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira