Walter B. Rasmann created WICKET-5319:
-----------------------------------------
Summary: CryptoMapper encrypts external URLs in ResourceReferences
making the resources inaccessible
Key: WICKET-5319
URL: https://issues.apache.org/jira/browse/WICKET-5319
Project: Wicket
Issue Type: Bug
Affects Versions: 6.9.1
Environment: Linux
Reporter: Walter B. Rasmann
Priority: Minor
Short Description:
CryptoMapper encrypts links to resources with URLs of the form:
- http://domain/path/script.js
- /local/absolute/path/script.js
Additionally there might be some inconsistencies in handling URLs in instances
of ResourceReference.
The problem occurs when JavaScript resources are included in the following way:
@Override
public void renderHead(IHeaderResponse response)
{
super.renderHead(response);
UrlResourceReference reference = new
UrlResourceReference(Url.parse("http://domain/path/script.js";));
response.render(reference);
}
The resulting JavaScript links can't be loaded (404 is returned) when
CryptoMapper is used.
This is a minor problem, because the following always works for JavaScript
files not served by Wicket ("external JavaScript files"):
response.render(new StringHeaderItem("<script type=\"text/javascript\"
src=\"//domain/myPath/manual.js\"></script>");
Ways to reproduce:
A code example for wicket-examples is attached (example.zip)
Local URLs:
http://localhost:8080/jsref/enc/index
http://localhost:8080/jsref/unenc/index
Possible fix:
- disable encryption for URLs beginning with '/', '<schema>://' and '//' and
not served/filtered by Wicket
(
- define different reference classes for external files and files
served/filtered by Wicket, issue warnings when a wrong URL type is supplied by
the user or treat URLs beginning with '/', '<schema>://' and '//' differently
)
Thank you
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
