You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by "CROOK (JIRA)" <ji...@apache.org> on 2008/08/31 05:47:44 UTC
[jira] Created: (WICKET-1812) Header contributions occur even
though rendering is not allowed by authorization strategy
Header contributions occur even though rendering is not allowed by authorization strategy
-----------------------------------------------------------------------------------------
Key: WICKET-1812
URL: https://issues.apache.org/jira/browse/WICKET-1812
Project: Wicket
Issue Type: Bug
Components: wicket
Reporter: CROOK
Priority: Minor
Components that are not allowed to render due to authorization restrictions still have their headers contributed. As this doesn't affect the integrity of the application it could possibly result in security issues depending on the components involved. For now a workaround is to explicitly set the component's visibility using setVisible() or overriding isVisible() which prevents the header contribution from occurring.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (WICKET-1812) Header contributions occur even
though rendering is not allowed by authorization strategy
Posted by "Juergen Donnerstag (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-1812?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Juergen Donnerstag resolved WICKET-1812.
----------------------------------------
Resolution: Fixed
Fix Version/s: 1.4-RC2
Assignee: Juergen Donnerstag
fixed. thanks
> Header contributions occur even though rendering is not allowed by authorization strategy
> -----------------------------------------------------------------------------------------
>
> Key: WICKET-1812
> URL: https://issues.apache.org/jira/browse/WICKET-1812
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Reporter: CROOK
> Assignee: Juergen Donnerstag
> Priority: Minor
> Fix For: 1.4-RC2
>
>
> Components that are not allowed to render due to authorization restrictions still have their headers contributed. As this doesn't affect the integrity of the application it could possibly result in security issues depending on the components involved. For now a workaround is to explicitly set the component's visibility using setVisible() or overriding isVisible() which prevents the header contribution from occurring.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.