martin-g commented on a change in pull request #399: WICKET-6727: Configurable Content-Security-Policy
URL: https://github.com/apache/wicket/pull/399#discussion_r369383970
 
 

 ##########
 File path: 
wicket-examples/src/main/java/org/apache/wicket/examples/WicketExampleApplication.java
 ##########
 @@ -57,5 +58,7 @@ protected void init()
                getDebugSettings().setDevelopmentUtilitiesEnabled(true);
                
                getResourceSettings().setCssCompressor(new CssUrlReplacer());
+               getCsp().blocking().add(CSPDirective.STYLE_SRC, 
"https://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css";)
+                               .add(CSPDirective.FONT_SRC, 
"https://maxcdn.bootstrapcdn.com";);
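Review bot: the `FONT_SRC` entry on the last added line allows the whole `https://maxcdn.bootstrapcdn.com` origin, while the `STYLE_SRC` entry just above it is pinned to a single stylesheet URL. Consider narrowing the font source to the path the fonts are actually served from, so both directives are equally tight, and add a short comment in `init()` saying these two entries exist only for the Font Awesome stylesheet. The version `4.3.0` is also hard-coded in the policy string, so it has to be kept in step with wherever the stylesheet link itself is declared; a shared constant would keep the two from drifting apart.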
 
 Review comment:
   If a CDN delivers `anything` but the expected content then this CDN will be 
out of the game in no time.
   
   The benefit of using CDNs is that there is a bigger chance that the resource is 
already in the browser cache. How exactly does HTTP2 invalidate this benefit?
