[wicket] branch wicket-9.x updated: Fix apache/wicket#WICKET-7007 (#539)

Mon, 26 Sep 2022 06:04:03 -0700 

This is an automated email from the ASF dual-hosted git repository.

mgrigorov pushed a commit to branch wicket-9.x
in repository https://gitbox.apache.org/repos/asf/wicket.git


The following commit(s) were added to refs/heads/wicket-9.x by this push:
     new a9b243e70a Fix apache/wicket#WICKET-7007 (#539)
a9b243e70a is described below

commit a9b243e70ab56252684a9667c9e32179c1d70279
Author: brbog <[email protected]>
AuthorDate: Mon Sep 26 15:02:16 2022 +0200

    Fix apache/wicket#WICKET-7007 (#539)
    
    Co-authored-by: Bram Bogaert <bogaert.bram+git[at]gmail.com>
    (cherry picked from commit 7a87b09e6f96f2fceccb497fa873595c726e5efb)
---
 wicket-user-guide/src/main/asciidoc/security/security_5.adoc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/wicket-user-guide/src/main/asciidoc/security/security_5.adoc 
b/wicket-user-guide/src/main/asciidoc/security/security_5.adoc
index 5f96e30fb8..bd8b35942c 100644
--- a/wicket-user-guide/src/main/asciidoc/security/security_5.adoc
+++ b/wicket-user-guide/src/main/asciidoc/security/security_5.adoc
@@ -10,7 +10,7 @@ Just like any RequestCycle listener 
_ResourceIsolationRequestCycleListener_ must
   @Override
  protected void init() {
   super.init();
-  getRequestCycleListeners().add(new ResourseIsolationRequestCycleListener());
+  getRequestCycleListeners().add(new ResourceIsolationRequestCycleListener());
   // ...
  }
 ----
@@ -38,7 +38,7 @@ _ResourceIsolationRequestCycleListener_ is highly 
configurable. It allows to add
 
 An __IResourceIsolationPolicy__ returns a __ResourceIsolationOutcome__ after 
processing a request, which can be one of 3 values (__ALLOWED__, 
__DISALLOWED__, __UNKNOWN__). The __ResourceIsolationRequestCycleListener__ 
checks the __IResourceIsolationPolicy__ objects in order and uses the first 
outcome that is not __UNKNOWN__ to trigger the appropriate action. If all 
return __UNKNOWN__ __unknownOutcomeAction__ is applied. The actions can be 
configured through the listener.
 
-The default constructor uses the __FetchMetadataResourceIsolationPolicy__, 
which checks Fetch Metadata headers, and the 
__OriginBasedResourceIsolationPolicy__ which uses the Origin and Referer 
headers to forbid requests made from a different origin, in order. The 
__OriginBasedResourceIsolationPolicy__ contains the refactored logic of the now 
deprecated __CsrfPreventionRequestCycleListener__.
+The default constructor uses the __FetchMetadataResourceIsolationPolicy__, 
which checks Fetch Metadata headers, and the __OriginResourceIsolationPolicy__ 
which uses the Origin and Referer headers to forbid requests made from a 
different origin, in order. The __OriginResourceIsolationPolicy__ contains the 
refactored logic of the now deprecated __CsrfPreventionRequestCycleListener__.
 The listener can be configured to include custom __IResourceIsolationPolicy__ 
objects.
 
 For example:
@@ -50,7 +50,7 @@ For example:
   getRequestCycleListeners().add(
        new ResourseIsolationRequestCycleListener(
                new FetchMetadataResourceIsolationPolicy(),
-               new OriginBasedResourceIsolationPolicy(),
+               new OriginResourceIsolationPolicy(),
                new MyCustomResourceIsolationPolicy()
        ));
   // ...

Reply via email to