[jira] [Resolved] (WICKET-7096) stylesheets referenced via automatic linking miss nonce attribute

Thu, 18 Jan 2024 00:29:05 -0800 


     [ 
https://issues.apache.org/jira/browse/WICKET-7096?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Martin Tzvetanov Grigorov resolved WICKET-7096.
-----------------------------------------------
    Fix Version/s: 10.0.0-M3
                   9.17.0
         Assignee: Martin Tzvetanov Grigorov
       Resolution: Fixed

> stylesheets referenced via automatic linking miss nonce attribute
> -----------------------------------------------------------------
>
>                 Key: WICKET-7096
>                 URL: https://issues.apache.org/jira/browse/WICKET-7096
>             Project: Wicket
>          Issue Type: Bug
>          Components: wicket-core
>    Affects Versions: 10.0.0-M2
>            Reporter: Sebastian T
>            Assignee: Martin Tzvetanov Grigorov
>            Priority: Major
>             Fix For: 10.0.0-M3, 9.17.0
>
>
> I am running a Wicket App with:
> {code:java}
> getCspSettings().blocking();
> getMarkupSettings().setAutomaticLinking(true);
> {code}
> I have a base.css file in the same folder as the Wicket page and add it to 
> html like this:
> {code:html}
> <link rel="stylesheet" href="base.css" type="text/css" />
> {code}
> This is rendered by wicket to
> {code:html}
> <link rel="stylesheet" 
> href="./wicket/resource/com.example.MyPage/base-ver-1705259207805.css" 
> type="text/css" data-wicket-path="html___autolink__-1754779463"/>
> {code}
> This result in:
> {noformat}
> Content-Security-Policy: The page’s settings blocked the loading of a 
> resource at 
> http://localhost:8080/wicket/resource/com.example.MyPage/base-ver-1705259207805.css
>  (“style-src”).
> {noformat}
> -----------------
> If I however add the stylesheet programmatically like this:
> {code:java}
> public void renderHead(final IHeaderResponse response) {
>   super.renderHead(response);
>   response.render(CssHeaderItem.forReference(new 
> CssResourceReference(MyPage.class, "base.css")));
> }
> {code}
> the required nonce is added as expected:
> {code:html}
> <link rel="stylesheet" 
> href="./wicket/resource/com.example.MyPage/base-ver-1705259207805.css" 
> type="text/css" nonce="Fkg6q7ZOaX_uLN6aFESVwZVM" />
> {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to