[jira] [Commented] (WICKET-5319) CryptoMapper encrypts external URLs in ResourceReferences making the resources inaccessible

Fri, 23 Aug 2013 09:41:11 -0700 

    [ 
https://issues.apache.org/jira/browse/WICKET-5319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13748688#comment-13748688
 ] 

Walter B. Rasmann commented on WICKET-5319:
-------------------------------------------

Thank you very much. I will test my code with a snapshot as soon as possible.
                
> CryptoMapper encrypts external URLs in ResourceReferences making the 
> resources inaccessible
> -------------------------------------------------------------------------------------------
>
>                 Key: WICKET-5319
>                 URL: https://issues.apache.org/jira/browse/WICKET-5319
>             Project: Wicket
>          Issue Type: Bug
>    Affects Versions: 6.9.1
>         Environment: Linux
>            Reporter: Walter B. Rasmann
>            Assignee: Sven Meier
>            Priority: Minor
>             Fix For: 7.0.0, 6.11.0
>
>         Attachments: 5319.tar.gz
>
>
> Short Description: 
> CryptoMapper encrypts links to resources with URLs of the form:
>  - http://domain/path/script.js
>  - /local/absolute/path/script.js
> Additionally there might be some inconsistencies in handling URLs in 
> instances of ResourceReference.
> The problem occurs when JavaScript resources are included in the following 
> way:
> @Override
> public void renderHead(IHeaderResponse response)
> {
>       super.renderHead(response);
>       
>       UrlResourceReference reference = new 
> UrlResourceReference(Url.parse("http://domain/path/script.js";));
>       response.render(reference);
> }
> The resulting JavaScript links can't be loaded (404 is returned) when 
> CryptoMapper is used.
> This is a minor problem, because the following always works for JavaScript 
> files not served by Wicket ("external JavaScript files"):
> response.render(new StringHeaderItem("<script type=\"text/javascript\" 
> src=\"//domain/myPath/manual.js\"></script>");
> Ways to reproduce: 
>   A code example for wicket-examples is attached (example.zip)
>   Local URLs:
>      http://localhost:8080/enc/index
>      http://localhost:8080/unenc/index
> Possible fix: 
>  - disable encryption for URLs beginning with '/', '<schema>://' and '//' and 
> not served/filtered by Wicket
>  (
>  - define different reference classes for external files and files 
> served/filtered by Wicket, issue warnings when a wrong URL type is supplied 
> by the user or treat URLs beginning with '/', '<schema>://' and '//' 
> differently
>  )
> Thank you

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to