[
https://issues.apache.org/jira/browse/WICKET-5319?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Walter B. Rasmann updated WICKET-5319:
--------------------------------------
Description:
Short Description:
CryptoMapper encrypts links to resources with URLs of the form:
- http://domain/path/script.js
- /local/absolute/path/script.js
Additionally there might be some inconsistencies in handling URLs in instances
of ResourceReference.
The problem occurs when JavaScript resources are included in the following way:
{noformat}
@Override
public void renderHead(IHeaderResponse response)
{
super.renderHead(response);
UrlResourceReference reference = new
UrlResourceReference(Url.parse("http://domain/path/script.js";));
response.render(reference);
}
{noformat}
The resulting JavaScript links can't be loaded (404 is returned) when
CryptoMapper is used.
This is a minor problem, because the following always works for JavaScript
files not served by Wicket ("external JavaScript files"):
{code}
response.render(new StringHeaderItem("<script type=\"text/javascript\"
src=\"//domain/myPath/manual.js\"></script>");
{code}
Ways to reproduce:
A code example for wicket-examples is attached (example.zip)
Local URLs:
http://localhost:8080/enc/index
http://localhost:8080/unenc/index
Possible fix:
- disable encryption for URLs beginning with '/', '<schema>://' and '//' and
not served/filtered by Wicket
(
- define different reference classes for external files and files
served/filtered by Wicket, issue warnings when a wrong URL type is supplied by
the user or treat URLs beginning with '/', '<schema>://' and '//' differently
)
Thank you
was:
Short Description:
CryptoMapper encrypts links to resources with URLs of the form:
- http://domain/path/script.js
- /local/absolute/path/script.js
Additionally there might be some inconsistencies in handling URLs in instances
of ResourceReference.
The problem occurs when JavaScript resources are included in the following way:
{code:java}
@Override
public void renderHead(IHeaderResponse response)
{
super.renderHead(response);
UrlResourceReference reference = new
UrlResourceReference(Url.parse("http://domain/path/script.js";));
response.render(reference);
}
{code}
The resulting JavaScript links can't be loaded (404 is returned) when
CryptoMapper is used.
This is a minor problem, because the following always works for JavaScript
files not served by Wicket ("external JavaScript files"):
{code}
response.render(new StringHeaderItem("<script type=\"text/javascript\"
src=\"//domain/myPath/manual.js\"></script>");
{code}
Ways to reproduce:
A code example for wicket-examples is attached (example.zip)
Local URLs:
http://localhost:8080/enc/index
http://localhost:8080/unenc/index
Possible fix:
- disable encryption for URLs beginning with '/', '<schema>://' and '//' and
not served/filtered by Wicket
(
- define different reference classes for external files and files
served/filtered by Wicket, issue warnings when a wrong URL type is supplied by
the user or treat URLs beginning with '/', '<schema>://' and '//' differently
)
Thank you
> CryptoMapper encrypts external URLs in ResourceReferences making the
> resources inaccessible
> -------------------------------------------------------------------------------------------
>
> Key: WICKET-5319
> URL: https://issues.apache.org/jira/browse/WICKET-5319
> Project: Wicket
> Issue Type: Bug
> Affects Versions: 6.9.1
> Environment: Linux
> Reporter: Walter B. Rasmann
> Priority: Minor
> Attachments: 5319.tar.gz
>
>
> Short Description:
> CryptoMapper encrypts links to resources with URLs of the form:
> - http://domain/path/script.js
> - /local/absolute/path/script.js
> Additionally there might be some inconsistencies in handling URLs in
> instances of ResourceReference.
> The problem occurs when JavaScript resources are included in the following
> way:
> {noformat}
> @Override
> public void renderHead(IHeaderResponse response)
> {
> super.renderHead(response);
>
> UrlResourceReference reference = new
> UrlResourceReference(Url.parse("http://domain/path/script.js";));
> response.render(reference);
> }
> {noformat}
> The resulting JavaScript links can't be loaded (404 is returned) when
> CryptoMapper is used.
> This is a minor problem, because the following always works for JavaScript
> files not served by Wicket ("external JavaScript files"):
> {code}
> response.render(new StringHeaderItem("<script type=\"text/javascript\"
> src=\"//domain/myPath/manual.js\"></script>");
> {code}
> Ways to reproduce:
> A code example for wicket-examples is attached (example.zip)
> Local URLs:
> http://localhost:8080/enc/index
> http://localhost:8080/unenc/index
> Possible fix:
> - disable encryption for URLs beginning with '/', '<schema>://' and '//' and
> not served/filtered by Wicket
> (
> - define different reference classes for external files and files
> served/filtered by Wicket, issue warnings when a wrong URL type is supplied
> by the user or treat URLs beginning with '/', '<schema>://' and '//'
> differently
> )
> Thank you
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
