solomax commented on issue #400: WICKET-6725: replace display: none by css class
URL: https://github.com/apache/wicket/pull/400#issuecomment-577028408
Maybe changes required for `WICKET-6726` can also be added to
`wicket-core.css`?
solomax commented on issue #399: WICKET-6727: Configurable
Content-Security-Policy
URL: https://github.com/apache/wicket/pull/399#issuecomment-577026973
@papegaaij I'm still investigating
(suspecting this might be caused by lots of `nonce`s need to be generated,
and/or lots of inline
martin-g commented on a change in pull request #399: WICKET-6727: Configurable
Content-Security-Policy
URL: https://github.com/apache/wicket/pull/399#discussion_r369383970
##
File path:
wicket-examples/src/main/java/org/apache/wicket/examples/WicketExampleApplication.java
martin-g commented on a change in pull request #400: WICKET-6725: replace
display: none by css class
URL: https://github.com/apache/wicket/pull/400#discussion_r369382673
##
File path:
wicket-core/src/main/java/org/apache/wicket/mock/MockApplication.java
##
@@ -71,5 +71,7
Hi Ernesto,
On Tue, Jan 21, 2020 at 10:30 PM Ernesto Reinaldo Barreiro <
reier...@gmail.com> wrote:
> IMHO more than marketing it is important not to lose/disrupt customers and
> people that have been using wicket for MANY years. Even less when 9.x has
> been waiting to be released for quite some
On Tue, Jan 21, 2020 at 10:10 PM Emond Papegaaij
wrote:
> In my opinion marketing is very important, but I think it is more
> important to have this option enabled on as many applications as
> possible. Enabling this by default will give this a much wider reach
> than just having it available.
andruhon commented on issue #400: WICKET-6725: replace display: none by css
class
URL: https://github.com/apache/wicket/pull/400#issuecomment-576885516
The change looks good to me
andruhon commented on a change in pull request #400: WICKET-6725: replace
display: none by css class
URL: https://github.com/apache/wicket/pull/400#discussion_r369246875
##
File path:
wicket-core/src/main/java/org/apache/wicket/mock/MockApplication.java
##
@@ -71,5 +71,7
IMHO more than marketing it is important not to lose/disrupt customers and
people that have been using wicket for MANY years. Even less when 9.x has
been waiting to be released for quite some time. e.g. for my current
customer I've been keeping a branch of application that is 9.x. A few
months ago
In my opinion marketing is very important, but I think it is more
important to have this option enabled on as many applications as
possible. Enabling this by default will give this a much wider reach
than just having it available. Most importantly, it will be enabled on
new applications, guiding
papegaaij commented on a change in pull request #399: WICKET-6727: Configurable
Content-Security-Policy
URL: https://github.com/apache/wicket/pull/399#discussion_r369210183
##
File path:
wicket-core/src/test/java/org/apache/wicket/csp/CSPSettingRequestCycleListenerTest.java
papegaaij commented on a change in pull request #399: WICKET-6727: Configurable
Content-Security-Policy
URL: https://github.com/apache/wicket/pull/399#discussion_r369209780
##
File path:
wicket-core/src/main/java/org/apache/wicket/csp/ContentSecurityPolicyEnforcer.java
##
papegaaij commented on a change in pull request #399: WICKET-6727: Configurable
Content-Security-Policy
URL: https://github.com/apache/wicket/pull/399#discussion_r369209407
##
File path: wicket-core/src/main/java/org/apache/wicket/csp/CSPRenderable.java
##
@@ -0,0 +1,42
papegaaij commented on a change in pull request #399: WICKET-6727: Configurable
Content-Security-Policy
URL: https://github.com/apache/wicket/pull/399#discussion_r369208682
##
File path: wicket-core/src/main/java/org/apache/wicket/csp/CSPDirective.java
##
@@ -0,0 +1,208
papegaaij commented on issue #399: WICKET-6727: Configurable
Content-Security-Policy
URL: https://github.com/apache/wicket/pull/399#issuecomment-576848537
> API looks good to me
> I'm trying to add CSP support from this branch to our main wicket app
> The biggest problem so far:
papegaaij commented on a change in pull request #399: WICKET-6727: Configurable
Content-Security-Policy
URL: https://github.com/apache/wicket/pull/399#discussion_r369205446
##
File path:
wicket-examples/src/main/java/org/apache/wicket/examples/WicketExampleApplication.java
Dear Apache enthusiast,
(You’re receiving this message because you are subscribed to one or more
project mailing lists at the Apache Software Foundation.)
The call for presentations for ApacheCon North America 2020 is now open
at https://apachecon.com/acna2020/cfp
ApacheCon will be held at
I agree with the marketable value of CSP but I don't think it will lose
appeal if we make it disabled by default. As I said, I agree to eventually
enable it by default, but I don't think the time is ripe yet.
On Tue, Jan 21, 2020 at 2:27 PM Martijn Dashorst
wrote:
> Not sure if enabling it by
Not sure if enabling it by default is a bad thing when you can, as per
migration guide, disable it with one statement in your
WebApplication#init().
Also, when looking at marketable features, having CSP, and enabled by
default, is something that publications will take notice of. Just like
being
I do agree with Andrea. I think it's better to have to add one line of code
to enable the feature, than the opposite... Or better, it can be a flag
like development/deployment.
This way we can issue a warning at startup, same kind of warning when we
are running on development mode...
We can also
We are not forcing users to comply with a strict CSP when we enable it
by default. It's just a setting, which can be turned off with a single
line of code that will be put in the migration guide. Enabling this by
default will however protect new applications out of the box and raise
the awareness
IMHO forcing users to adopt a new potentially breaking feature is a
mistake. We should wait for a wider interest in CSP to enable it by
default. Don't get me wrong, I'm not underestimating the importance of
this feature which is a fantastic tool to ensure security. Nonetheless,
I believe that
papegaaij commented on a change in pull request #400: WICKET-6725: replace
display: none by css class
URL: https://github.com/apache/wicket/pull/400#discussion_r368979027
##
File path:
wicket-core/src/main/java/org/apache/wicket/protocol/http/WebApplication.java
##
@@
papegaaij commented on a change in pull request #400: WICKET-6725: replace
display: none by css class
URL: https://github.com/apache/wicket/pull/400#discussion_r368978477
##
File path:
wicket-core/src/main/java/org/apache/wicket/settings/ResourceSettings.java
##
@@
martin-g commented on a change in pull request #400: WICKET-6725: replace
display: none by css class
URL: https://github.com/apache/wicket/pull/400#discussion_r368975915
##
File path:
wicket-core/src/test/java/org/apache/wicket/markup/html/basic/RedirectPage-expected1.html
papegaaij commented on a change in pull request #400: WICKET-6725: replace
display: none by css class
URL: https://github.com/apache/wicket/pull/400#discussion_r368974578
##
File path:
wicket-core/src/test/java/org/apache/wicket/markup/html/basic/RedirectPage-expected1.html
On Tue, Jan 21, 2020 at 12:36 PM Martin Grigorov wrote:
>
> On Mon, Jan 13, 2020 at 11:15 PM Emond Papegaaij
> wrote:
>
> > I've discussed this with our unit manager, and got permission to
> > donate our CSP code to Wicket. I think a strong, out of the box CSP is
> > a killer feature to have for
On Mon, Jan 13, 2020 at 11:15 PM Emond Papegaaij
wrote:
> I've discussed this with our unit manager, and got permission to
> donate our CSP code to Wicket. I think a strong, out of the box CSP is
> a killer feature to have for Wicket 9. Not many frameworks can match
> this. For this, I would
martin-g commented on a change in pull request #400: WICKET-6725: replace
display: none by css class
URL: https://github.com/apache/wicket/pull/400#discussion_r368947706
##
File path:
wicket-core/src/main/java/org/apache/wicket/settings/ResourceSettings.java
##
@@ -770,4
martin-g commented on a change in pull request #400: WICKET-6725: replace
display: none by css class
URL: https://github.com/apache/wicket/pull/400#discussion_r368948446
##
File path:
wicket-core/src/test/java/org/apache/wicket/markup/html/basic/RedirectPage-expected1.html
martin-g commented on a change in pull request #400: WICKET-6725: replace
display: none by css class
URL: https://github.com/apache/wicket/pull/400#discussion_r368947117
##
File path:
wicket-core/src/main/java/org/apache/wicket/protocol/http/WebApplication.java
##
@@
martin-g commented on a change in pull request #399: WICKET-6727: Configurable
Content-Security-Policy
URL: https://github.com/apache/wicket/pull/399#discussion_r368904046
##
File path:
wicket-core/src/main/java/org/apache/wicket/csp/FixedCSPDirective.java
##
@@ -0,0
martin-g commented on a change in pull request #399: WICKET-6727: Configurable
Content-Security-Policy
URL: https://github.com/apache/wicket/pull/399#discussion_r368908158
##
File path:
wicket-core/src/test/java/org/apache/wicket/csp/CSPSettingRequestCycleListenerTest.java
martin-g commented on a change in pull request #399: WICKET-6727: Configurable
Content-Security-Policy
URL: https://github.com/apache/wicket/pull/399#discussion_r368908845
##
File path:
wicket-core/src/test/java/org/apache/wicket/csp/CSPSettingRequestCycleListenerTest.java
martin-g commented on a change in pull request #399: WICKET-6727: Configurable
Content-Security-Policy
URL: https://github.com/apache/wicket/pull/399#discussion_r368895838
##
File path: wicket-core/src/main/java/org/apache/wicket/csp/CSPDirective.java
##
@@ -0,0 +1,208 @@
martin-g commented on a change in pull request #399: WICKET-6727: Configurable
Content-Security-Policy
URL: https://github.com/apache/wicket/pull/399#discussion_r368909863
##
File path:
wicket-examples/src/main/java/org/apache/wicket/examples/WicketExampleApplication.java
martin-g commented on a change in pull request #399: WICKET-6727: Configurable
Content-Security-Policy
URL: https://github.com/apache/wicket/pull/399#discussion_r368907006
##
File path:
wicket-core/src/test/java/org/apache/wicket/csp/CSPSettingRequestCycleListenerTest.java
martin-g commented on a change in pull request #399: WICKET-6727: Configurable
Content-Security-Policy
URL: https://github.com/apache/wicket/pull/399#discussion_r368902798
##
File path:
wicket-core/src/main/java/org/apache/wicket/csp/ContentSecurityPolicyEnforcer.java
##
martin-g commented on a change in pull request #399: WICKET-6727: Configurable
Content-Security-Policy
URL: https://github.com/apache/wicket/pull/399#discussion_r368903438
##
File path:
wicket-core/src/main/java/org/apache/wicket/csp/ContentSecurityPolicyEnforcer.java
##
martin-g commented on a change in pull request #399: WICKET-6727: Configurable
Content-Security-Policy
URL: https://github.com/apache/wicket/pull/399#discussion_r368901056
##
File path: wicket-core/src/main/java/org/apache/wicket/csp/CSPRenderable.java
##
@@ -0,0 +1,42 @@
papegaaij opened a new pull request #400: WICKET-6725: replace display: none by
css class
URL: https://github.com/apache/wicket/pull/400
This PR replaces inline display: none with a CSS class and a stylesheet. The
stylesheet is managed by Wicket and added automatically. You can change or