[jira] [Commented] (WICKET-7096) stylesheets referenced via automatic linking miss nonce attribute

Thu, 18 Jan 2024 00:29:03 -0800 


    [ 
https://issues.apache.org/jira/browse/WICKET-7096?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17808082#comment-17808082
 ] 

ASF GitHub Bot commented on WICKET-7096:
----------------------------------------

martin-g commented on PR #768:
URL: https://github.com/apache/wicket/pull/768#issuecomment-1898013549

   Thank you, @sebthom !




> stylesheets referenced via automatic linking miss nonce attribute
> -----------------------------------------------------------------
>
>                 Key: WICKET-7096
>                 URL: https://issues.apache.org/jira/browse/WICKET-7096
>             Project: Wicket
>          Issue Type: Bug
>          Components: wicket-core
>    Affects Versions: 10.0.0-M2
>            Reporter: Sebastian T
>            Priority: Major
>
> I am running a Wicket App with:
> {code:java}
> getCspSettings().blocking();
> getMarkupSettings().setAutomaticLinking(true);
> {code}
> I have a base.css file in the same folder as the Wicket page and add it to 
> html like this:
> {code:html}
> <link rel="stylesheet" href="base.css" type="text/css" />
> {code}
> This is rendered by wicket to
> {code:html}
> <link rel="stylesheet" 
> href="./wicket/resource/com.example.MyPage/base-ver-1705259207805.css" 
> type="text/css" data-wicket-path="html___autolink__-1754779463"/>
> {code}
> This result in:
> {noformat}
> Content-Security-Policy: The page’s settings blocked the loading of a 
> resource at 
> http://localhost:8080/wicket/resource/com.example.MyPage/base-ver-1705259207805.css
>  (“style-src”).
> {noformat}
> -----------------
> If I however add the stylesheet programmatically like this:
> {code:java}
> public void renderHead(final IHeaderResponse response) {
>   super.renderHead(response);
>   response.render(CssHeaderItem.forReference(new 
> CssResourceReference(MyPage.class, "base.css")));
> }
> {code}
> the required nonce is added as expected:
> {code:html}
> <link rel="stylesheet" 
> href="./wicket/resource/com.example.MyPage/base-ver-1705259207805.css" 
> type="text/css" nonce="Fkg6q7ZOaX_uLN6aFESVwZVM" />
> {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to