[
https://issues.apache.org/jira/browse/WICKET-7107?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17911858#comment-17911858
]
ASF subversion and git services commented on WICKET-7107:
---------------------------------------------------------
Commit 0968c081425b79ee9d1c4a0058621804863c5c3a in wicket's branch
refs/heads/dependabot/maven/metrics.version-4.2.29 from Pedro Henrique Oliveira
dos Santos
[ https://gitbox.apache.org/repos/asf?p=wicket.git;h=0968c08142 ]
Revert "WICKET-7107 configure ContentSecurityPolicySettings to protect buffered
pages"
This reverts commit 6f1d6a2ce7046f446c52e977ac4c9edb5d201471.
> CSP Header not rendered when using RedirectPolicy.AUTO_REDIRECT
> ---------------------------------------------------------------
>
> Key: WICKET-7107
> URL: https://issues.apache.org/jira/browse/WICKET-7107
> Project: Wicket
> Issue Type: Bug
> Components: wicket-core
> Affects Versions: 9.16.0
> Reporter: Dirk Forchel
> Assignee: Pedro Santos
> Priority: Major
> Attachments: myproject.zip
>
>
> If we redirect to another Web Page and use the RedirectPolicy.AUTO_REDIRECT,
> this results in the CSP directives being missing in the head of the result
> page.
> I've attached a quickstart application to show the error. Just browse to
> [http://localhost:8080/redirect|http://localhost:8080/redirect.] and use the
> browser's developer console of your choice. The CSP is not included if Wicket
> performs a RestartResponseException with a WebPage instance like this
> {code:java}
> throw new RestartResponseException(new HomePage(new PageParameters()));{code}
> If you open the home page directly
> [http://localhost:8080/|http://localhost:8080/redirect.] the response does
> include a CSP.
> There is an additional test for the CSPRequestCycleListener with different
> page classes as test parameters.
> Relates to https://issues.apache.org/jira/browse/WICKET-7028
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
