[wicket] branch master updated (3f6a5d3 -> 263cc1a)

papegaaij Fri, 07 Feb 2020 07:07:31 -0800

This is an automated email from the ASF dual-hosted git repository.

papegaaij pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/wicket.git.



    from 3f6a5d3  WICKET-6732: Do not render URL when link is disabled or 
invisible
     add 0a5cdf1  WICKET-6727: first code drop for configurable CSP
     add 3bed1e9  WICKET-6727: refactoring of CSP API
     add 3afb562  WICKET-6727: fix license headers
     add d1a59a8  WICKET-6727: more refactoring of the CSP API
     add 6392eda  WICKET-6727: do not extend WicketTester but WicketTestCase
     add 8dd6557  WICKET-6727: enable CSP in WebApplication and provide default 
profiles
     add cfc4615  WICKET-6727: Remove old CspNonceHeaderResponse and update 
example
     add 1e509dd  WICKET-6727: ContentSecurityPolicyEnforcer must not protect 
non-webresponses
     add 3d8c018  WICKET-6727: Updated documentation, fixed websocket, fixed 
examples
     add a83a01b  WICKET-6727: fixed CSP in several examples
     add dd868da  WICKET-6727: improved documentation
     add 1e618f3  WICKET-6727: Improved API
     add aa5e0c3  WICKET-6727: API improvements and minor changes after review
     add c83d67b  WICKET-6727: do not unwrap HeaderItems before rendering
     add cc2da2e  WICKET-6727: easy reporting and use nonce per page
     add eb3de89  WICKET-6727: license header
     new 8f7ee84  WICKET-6727: do not yet enable CSP by default, see WICKET-6733
     new 263cc1a  Merge branch 'csp-configurable'

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../java/org/apache/wicket/csp/CSPDirective.java   | 194 +++++++++
 .../wicket/csp/CSPDirectiveSandboxValue.java       |  39 +-
 .../apache/wicket/csp/CSPDirectiveSrcValue.java    |  61 +++
 .../apache/wicket/csp/CSPHeaderConfiguration.java  | 343 +++++++++++++++
 .../CSPHeaderMode.java}                            |  33 +-
 .../CSPNonceHeaderResponseDecorator.java}          |  51 +--
 .../java/org/apache/wicket/csp/CSPRenderable.java  |  57 +++
 .../wicket/csp/ContentSecurityPolicyEnforcer.java  | 227 ++++++++++
 .../java/org/apache/wicket/csp/FixedCSPValue.java  |  88 ++++
 .../org/apache/wicket/csp/RelativeURICSPValue.java |  72 ++++
 .../wicket/csp/ReportCSPViolationMapper.java       | 126 ++++++
 .../markup/head/filter/CspNonceHeaderResponse.java |  93 ----
 .../org/apache/wicket/mock/MockWebResponse.java    |   6 +
 .../org/apache/wicket/page/PartialPageUpdate.java  |   6 +
 .../wicket/protocol/http/BufferedWebResponse.java  |   6 +
 .../protocol/http/HeaderBufferingWebResponse.java  |   6 +
 .../wicket/protocol/http/WebApplication.java       |  37 ++
 .../protocol/http/servlet/ServletWebResponse.java  |   6 +
 .../csp/CSPSettingRequestCycleListenerTest.java    | 467 +++++++++++++++++++++
 .../markup/head/filter/CspNoncePageExpected.html   |   3 +-
 .../head/filter/FilteringHeaderResponseTest.java   |  31 +-
 .../wicket/examples/WicketExampleApplication.java  |   3 +
 .../apache/wicket/examples/WicketExamplePage.html  |   4 +-
 .../examples/asemail/MailTemplateApplication.java  |   4 +-
 .../examples/authorization/RolesApplication.java   |   4 +-
 .../examples/breadcrumb/BreadCrumbApplication.java |   3 +-
 .../apache/wicket/examples/cdi/CdiApplication.java |   4 +-
 .../apache/wicket/examples/csp/CspApplication.java |  35 +-
 .../CustomLoadedTemplate.html                      |   4 +-
 .../examples/kittenCaptcha/WicketApplication.java  |   4 +-
 .../examples/repeater/RepeaterApplication.java     |   4 +-
 .../ResourceDecorationApplication.java             |   3 +-
 .../spring/common/web/ExampleApplication.java      |   4 +-
 .../wicket/examples/tree/TreeApplication.java      |   3 +-
 .../velocity/VelocityTemplateApplication.java      |   4 +-
 .../examples/websocket/JSR356Application.java      |   7 +-
 .../wicket/examples/wizard/WizardApplication.java  |   4 +-
 .../wicket/protocol/ws/api/WebSocketResponse.java  |   5 +
 .../apache/wicket/request/http/WebResponse.java    |   9 +
 39 files changed, 1845 insertions(+), 215 deletions(-)
 create mode 100644 
wicket-core/src/main/java/org/apache/wicket/csp/CSPDirective.java
 copy 
wicket-request/src/main/java/org/apache/wicket/request/handler/EmptyRequestHandler.java
 => 
wicket-core/src/main/java/org/apache/wicket/csp/CSPDirectiveSandboxValue.java 
(57%)
 create mode 100644 
wicket-core/src/main/java/org/apache/wicket/csp/CSPDirectiveSrcValue.java
 create mode 100644 
wicket-core/src/main/java/org/apache/wicket/csp/CSPHeaderConfiguration.java
 copy 
wicket-core/src/main/java/org/apache/wicket/{markup/head/IReferenceHeaderItem.java
 => csp/CSPHeaderMode.java} (66%)
 copy 
wicket-core/src/main/java/org/apache/wicket/{markup/head/filter/SubresourceHeaderResponse.java
 => csp/CSPNonceHeaderResponseDecorator.java} (50%)
 create mode 100644 
wicket-core/src/main/java/org/apache/wicket/csp/CSPRenderable.java
 create mode 100644 
wicket-core/src/main/java/org/apache/wicket/csp/ContentSecurityPolicyEnforcer.java
 create mode 100644 
wicket-core/src/main/java/org/apache/wicket/csp/FixedCSPValue.java
 create mode 100644 
wicket-core/src/main/java/org/apache/wicket/csp/RelativeURICSPValue.java
 create mode 100644 
wicket-core/src/main/java/org/apache/wicket/csp/ReportCSPViolationMapper.java
 delete mode 100644 
wicket-core/src/main/java/org/apache/wicket/markup/head/filter/CspNonceHeaderResponse.java
 create mode 100644 
wicket-core/src/test/java/org/apache/wicket/csp/CSPSettingRequestCycleListenerTest.java

[wicket] branch master updated (3f6a5d3 -> 263cc1a)

Reply via email to