It is true that support is lacking for some browsers. A browser
> > that
> > > > > > does not support CSP at all (like IE11) is not hindered by it
> > either.
> > > > > > It becomes more problematic when a browser does not support the
&
issues and
> we
> > > > > need to test that and change the CSP to make sure it works in those
> > > > > browsers as well. IMHO as a framework it is our job to set an
> example
> > > > > and show how we think this is done best. When a user thinks the
n a browser does not support the
> > > > > directives used (like strict-dynamic). This might cause issues and
> we
> > > > > need to test that and change the CSP to make sure it works in those
> > > > > browsers as well. IMHO as a framework it is
as a framework it is our job to set an example
> > > > and show how we think this is done best. When a user thinks the gained
> > > > security is not worth the pain, he/she can disable it and hope for the
> > > > best.
> > > >
> > > > Best
it and hope for the
> > > best.
> > >
> > > Best regards,
> > > Emond
> > >
> > >>> I've already started the work on the 'csp' branch. On this branch,
> > >>> I've also migrated all but the servlet API to the jakarta namespace
n 12, 2020 at 8:18 PM Emond Papegaaij
> >>> wrote:
> >>>> Searching through our Jira, I've found WICKET-6687, filed by Andrew.
> >>>> He already pinpointed several places that break with a strict CSP
> >>>> enabled. I'm going to convert tha
I do agree with Andrea. I think it's better to have to add one line of code
to enable the feature, than the opposite... Or better, it can be a flag
like development/deployment.
This way we can issue a warning at startup, same kind of warning when we
are running on development mode...
We can also
ted all but the servlet API to the jakarta namespace.
> >>>
> >>> Best regards,
> >>> Emond
> >>>
> >>> On Sun, Jan 12, 2020 at 8:18 PM Emond Papegaaij
> >>> wrote:
> >>>> Searching through our Jira, I've found WICKET-6687, filed b
not have
epic) and create new bugs for all issues in that ticket. That should
make it easier to track progress.
Best regards,
Emond
On Sat, Jan 11, 2020 at 10:31 PM Emond Papegaaij
wrote:
Hi all,
For the past few days I've been experimenting with the new CSP
features in Wicket 9. I really want
That should
> > > make it easier to track progress.
> > >
> > > Best regards,
> > > Emond
> > >
> > > On Sat, Jan 11, 2020 at 10:31 PM Emond Papegaaij
> > > wrote:
> > > >
> > > > Hi all,
&
issues in that ticket. That should
> > make it easier to track progress.
> >
> > Best regards,
> > Emond
> >
> > On Sat, Jan 11, 2020 at 10:31 PM Emond Papegaaij
> > wrote:
> > >
> > > Hi all,
> > >
> > > For the past f
;
> On Sat, Jan 11, 2020 at 10:31 PM Emond Papegaaij
> wrote:
> >
> > Hi all,
> >
> > For the past few days I've been experimenting with the new CSP
> > features in Wicket 9. I really want to thank Andrew, Sven and Martin
> > for the great work you gu
progress.
Best regards,
Emond
On Sat, Jan 11, 2020 at 10:31 PM Emond Papegaaij
wrote:
>
> Hi all,
>
> For the past few days I've been experimenting with the new CSP
> features in Wicket 9. I really want to thank Andrew, Sven and Martin
> for the great work you guys did in making
Hi all,
For the past few days I've been experimenting with the new CSP
features in Wicket 9. I really want to thank Andrew, Sven and Martin
for the great work you guys did in making this possible. I'm getting
very close to running my application with a very tight and secure CSP.
Unfortunately
14 matches
Mail list logo