Author: mgrigorov
Date: Sun Feb 27 10:12:49 2011
New Revision: 1075016

URL: http://svn.apache.org/viewvc?rev=1075016&view=rev
Log:
WICKET-3469 Referrer Leaking with ExternalLink

Update the javadoc explaining how to link to external url without leaking the 
session id in the referrer header.


Modified:
    
wicket/trunk/wicket-core/src/main/java/org/apache/wicket/markup/html/link/ExternalLink.java

Modified: 
wicket/trunk/wicket-core/src/main/java/org/apache/wicket/markup/html/link/ExternalLink.java
URL: 
http://svn.apache.org/viewvc/wicket/trunk/wicket-core/src/main/java/org/apache/wicket/markup/html/link/ExternalLink.java?rev=1075016&r1=1075015&r2=1075016&view=diff
==============================================================================
--- 
wicket/trunk/wicket-core/src/main/java/org/apache/wicket/markup/html/link/ExternalLink.java
 (original)
+++ 
wicket/trunk/wicket-core/src/main/java/org/apache/wicket/markup/html/link/ExternalLink.java
 Sun Feb 27 10:12:49 2011
@@ -19,6 +19,7 @@ package org.apache.wicket.markup.html.li
 import org.apache.wicket.markup.ComponentTag;
 import org.apache.wicket.model.IModel;
 import org.apache.wicket.model.Model;
+import org.apache.wicket.protocol.http.WebApplication;
 import org.apache.wicket.request.cycle.RequestCycle;
 import org.apache.wicket.request.flow.RedirectToUrlException;
 import org.apache.wicket.util.string.UrlUtils;
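Review bot: the added import of org.apache.wicket.protocol.http.WebApplication appears to be needed only by the {@link} in the class Javadoc changed below, so it creates an import dependency for documentation alone. Consider writing the link fully qualified, {@link org.apache.wicket.protocol.http.WebApplication#mountResource(...)}, which is how the same comment already refers to org.apache.wicket.request.resource.ResourceReference.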
@@ -32,8 +33,12 @@ import org.apache.wicket.util.string.Url
  * <p>
  * <strong>Note</strong>: in the case when the support for cookies in the 
browser is disabled the
  * user's jsessionid will leak in the 'Referrer' header after clicking this 
link. If this is a
- * problem for the application then better use {@link Link} which redirects to 
the new URL using
- * {@link RedirectToUrlException}.
+ * problem for the application then better use a {@link Link} which redirects 
to a shared resource
+ * (see
+ * {@link WebApplication#mountResource(String, 
org.apache.wicket.request.resource.ResourceReference)}
+ * , e.g. "/myapp/redirecting-resource?url=...") which on its side redirects 
to the new URL using
+ * {@link RedirectToUrlException}. Another option is to use 
<code>rel="noreferrer"</code> attribute
+ * in your markup but this will work only in the modern browsers (supporting 
HTML5 standard).
  * 
  * @author Juergen Donnerstag
  */
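Review bot: the added Javadoc example "/myapp/redirecting-resource?url=..." recommends a mounted resource that redirects to the value of a url parameter without saying that the target has to be validated, so a reader who implements it literally ends up with an open redirect. Suggest adding a sentence that the resource must only redirect to URLs the application itself issued or that match an allowlist of permitted hosts. Two smaller points in the same paragraph: the HTTP header name is spelled "Referer", and the line starting ", e.g." leaves a stray comma after the {@link} in the rendered Javadoc.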

