You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@wicket.apache.org by GitBox <gi...@apache.org> on 2019/09/10 22:37:03 UTC
[GitHub] [wicket] andruhon commented on a change in pull request #382:
WICKET-6688 add RFC and replace eval with DOM eval
andruhon commented on a change in pull request #382: WICKET-6688 add RFC and replace eval with DOM eval
URL: https://github.com/apache/wicket/pull/382#discussion_r322992042
##########
File path: wicket-examples/src/main/java/org/apache/wicket/examples/csp/CspApplication.java
##########
@@ -69,4 +88,19 @@ public static String getNonce()
}
return nonce;
}
+
+ public static boolean isCspApplicable()
+ {
+ Request request = RequestCycle.get().getRequest();
+ if (request instanceof ServletWebRequest)
+ {
+ // Unfortunately Edge does things worse than just "doesn't support" it does support the CSP,
+ // but the 'nonce' and 'strict-dynamic' instructions were broken for ages.
+ // Edge issue https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/13246371/
+ // It's OK in new Edge chromium beta, also the new Edge has Edg/ in User-Agent header instead of Edge/
+ return !((ServletWebRequest)request).getContainerRequest().getHeader("User-Agent").contains("Edge/");
Review comment:
As of today - yes. But once new version of Edge is released 99.9 of buggy EdgeHTML/Chakra Edges supposed to be wiped out with windows update. It must happen pretty soon.
Otherwise works well in IE11, Chrome, Safari, Firefox and other modern browsers.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services