You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@wicket.apache.org by GitBox <gi...@apache.org> on 2019/10/07 03:48:14 UTC
[GitHub] [wicket] andruhon commented on a change in pull request #384:
WICKET-6703 replace eval with jQuery.globalEval; add suspend/notify
andruhon commented on a change in pull request #384: WICKET-6703 replace eval with jQuery.globalEval; add suspend/notify
URL: https://github.com/apache/wicket/pull/384#discussion_r331837866
##########
File path: wicket-core/src/main/java/org/apache/wicket/ajax/res/js/wicket-ajax-jquery.js
##########
@@ -823,15 +861,25 @@
return;
}
+ var nonce;
+ var meta = root.getElementsByTagName("meta")[0];
+ if (!isUndef(meta)) {
+ // var nonceEl = meta.getElementsByTagName("wicket-nonce")[0];
+ // if (!isUndef(nonceEl)) {
+ // nonce = Wicket.DOM.text(nonceEl);
+ // }
+ nonce = Wicket.DOM.text(meta.getElementsByTagName("wicket-nonce")[0]);
Review comment:
Hi! nonce attribute is what I did in my implementation without backend. However I add the nonce with
```
** // add nonce to ajax response
getAjaxRequestTargetListeners().add((new AjaxRequestTarget.IListener()
{
@Override
public void onBeforeRespond(Map<String, Component> map, AjaxRequestTarget target)
{
target.addMeta("wicket-nonce", getNonce());
}
}));**
```
In CspApplication.java
Modifying ajax-response tag would be less trivial from here. Do you want me to dig in this direction? Maybe separate tag like `<wicket-nonce>` is OK?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services