Hello Edmond, It seems you accidentally re-format license header ...
On Fri, 13 Mar 2020 at 15:44, <papega...@apache.org> wrote: > > This is an automated email from the ASF dual-hosted git repository. > > papegaaij pushed a commit to branch master > in repository https://gitbox.apache.org/repos/asf/wicket.git > > > The following commit(s) were added to refs/heads/master by this push: > new 1619809 WICKET-6727: only render CSP on RenderPageRequestHandler > 1619809 is described below > > commit 16198099d8a965f17c85d2de7a6dce36b000ec26 > Author: Emond Papegaaij <emond.papega...@topicus.nl> > AuthorDate: Fri Mar 13 09:44:36 2020 +0100 > > WICKET-6727: only render CSP on RenderPageRequestHandler > --- > .../apache/wicket/csp/CSPRequestCycleListener.java | 8 +-- > .../apache/wicket/examples/csp/NonceDemoPage.html | 1 + > .../apache/wicket/examples/csp/NonceDemoPage.java | 71 > ++++++++++++---------- > 3 files changed, 45 insertions(+), 35 deletions(-) > > diff --git > a/wicket-core/src/main/java/org/apache/wicket/csp/CSPRequestCycleListener.java > > b/wicket-core/src/main/java/org/apache/wicket/csp/CSPRequestCycleListener.java > index f0acc52..3250174 100644 > --- > a/wicket-core/src/main/java/org/apache/wicket/csp/CSPRequestCycleListener.java > +++ > b/wicket-core/src/main/java/org/apache/wicket/csp/CSPRequestCycleListener.java > @@ -16,8 +16,8 @@ > */ > package org.apache.wicket.csp; > > -import org.apache.wicket.core.request.handler.BufferedResponseRequestHandler; > import org.apache.wicket.core.request.handler.IPageClassRequestHandler; > +import org.apache.wicket.core.request.handler.RenderPageRequestHandler; > import org.apache.wicket.request.IRequestHandler; > import org.apache.wicket.request.IRequestHandlerDelegate; > import org.apache.wicket.request.cycle.IRequestCycleListener; > @@ -81,11 +81,11 @@ public class CSPRequestCycleListener implements > IRequestCycleListener > { > return > mustProtect(((IRequestHandlerDelegate)handler).getDelegateHandler()); > } > - if (handler instanceof IPageClassRequestHandler) > + if (handler instanceof RenderPageRequestHandler) > { > - return > settings.mustProtectPageRequest((IPageClassRequestHandler)handler); > + return > settings.mustProtectPageRequest((RenderPageRequestHandler)handler); > } > - return !(handler instanceof BufferedResponseRequestHandler); > + return false; > } > > } > diff --git > a/wicket-examples/src/main/java/org/apache/wicket/examples/csp/NonceDemoPage.html > > b/wicket-examples/src/main/java/org/apache/wicket/examples/csp/NonceDemoPage.html > index 32549a7..d22b416 100644 > --- > a/wicket-examples/src/main/java/org/apache/wicket/examples/csp/NonceDemoPage.html > +++ > b/wicket-examples/src/main/java/org/apache/wicket/examples/csp/NonceDemoPage.html > @@ -13,6 +13,7 @@ > <p></p> > <button wicket:id="clickMe"><wicket:message key="clickMe" /></button> > <div class="click-me-text">Click a button above to replace this > text</div> > + <div wicket:id="blacktext">This text will stay black even though > color:red is added by the button above</div> > <div><wicket:message key="clickMeCount" /> <span > wicket:id="clickMeCount"></span></div> > <p></p> > <div wicket:id="delayedVisible" class="delayed-visible">This delayed > shown text should be green and bold</div> > diff --git > a/wicket-examples/src/main/java/org/apache/wicket/examples/csp/NonceDemoPage.java > > b/wicket-examples/src/main/java/org/apache/wicket/examples/csp/NonceDemoPage.java > index dce8079..4fe81b0 100644 > --- > a/wicket-examples/src/main/java/org/apache/wicket/examples/csp/NonceDemoPage.java > +++ > b/wicket-examples/src/main/java/org/apache/wicket/examples/csp/NonceDemoPage.java > @@ -1,21 +1,16 @@ > /* > - * Licensed to the Apache Software Foundation (ASF) under one or more > - * contributor license agreements. See the NOTICE file distributed with > - * this work for additional information regarding copyright ownership. > - * The ASF licenses this file to You under the Apache License, Version 2.0 > - * (the "License"); you may not use this file except in compliance with > - * the License. You may obtain a copy of the License at > - * > - * http://www.apache.org/licenses/LICENSE-2.0 > - * > - * Unless required by applicable law or agreed to in writing, software > - * distributed under the License is distributed on an "AS IS" BASIS, > - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. > - * See the License for the specific language governing permissions and > - * limitations under the License. > + * Licensed to the Apache Software Foundation (ASF) under one or more > contributor license > + * agreements. See the NOTICE file distributed with this work for additional > information regarding > + * copyright ownership. The ASF licenses this file to You under the Apache > License, Version 2.0 (the > + * "License"); you may not use this file except in compliance with the > License. You may obtain a > + * copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless > required by applicable > + * law or agreed to in writing, software distributed under the License is > distributed on an "AS IS" > + * BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or > implied. See the License > + * for the specific language governing permissions and limitations under the > License. > */ > package org.apache.wicket.examples.csp; > > +import org.apache.wicket.AttributeModifier; > import org.apache.wicket.ajax.AjaxRequestTarget; > import org.apache.wicket.ajax.markup.html.AjaxLink; > import org.apache.wicket.examples.WicketExamplePage; > @@ -35,10 +30,13 @@ import > org.apache.wicket.request.resource.ResourceReference; > */ > public class NonceDemoPage extends WicketExamplePage > { > - > - private static final ResourceReference JS_DELAYED = new > JavaScriptResourceReference(NonceDemoPage.class, "delayedVisible.js"); > - private static final ResourceReference CSS_DELAYED = new > CssResourceReference(NonceDemoPage.class, "delayedVisible.css"); > - > + > + private static final ResourceReference JS_DELAYED = > + new JavaScriptResourceReference(NonceDemoPage.class, > "delayedVisible.js"); > + > + private static final ResourceReference CSS_DELAYED = > + new CssResourceReference(NonceDemoPage.class, > "delayedVisible.css"); > + > private final IModel<Integer> clickMeCountModel = Model.of(0); > > public NonceDemoPage() > @@ -50,13 +48,16 @@ public class NonceDemoPage extends WicketExamplePage > final Label clickMeCount = new Label("clickMeCount", > clickMeCountModel); > clickMeCount.setOutputMarkupId(true); > add(clickMeCount); > - > - final WebMarkupContainer delayedVisible = new > WebMarkupContainer("delayedVisible") { > + > + final WebMarkupContainer delayedVisible = new > WebMarkupContainer("delayedVisible") > + { > + private static final long serialVersionUID = 1L; > + > @Override > public void renderHead(IHeaderResponse response) > { > super.renderHead(response); > - > + > > response.render(JavaScriptHeaderItem.forReference(JS_DELAYED)); > > response.render(CssHeaderItem.forReference(CSS_DELAYED)); > } > @@ -65,8 +66,14 @@ public class NonceDemoPage extends WicketExamplePage > delayedVisible.setVisible(false); > add(delayedVisible); > > + WebMarkupContainer blacktext = new > WebMarkupContainer("blacktext"); > + blacktext.setOutputMarkupId(true); > + add(blacktext); > + > add(new AjaxLink<String>("clickMe") > { > + private static final long serialVersionUID = 1L; > + > @Override > public void onClick(AjaxRequestTarget target) > { > @@ -75,11 +82,15 @@ public class NonceDemoPage extends WicketExamplePage > // target.add (works even without unsafe-eval) > target.add(clickMeCount); > > - // append javascript (won't work without > unsafe-eval) > - > target.appendJavaScript("document.querySelector(\".click-me-text\").innerHTML > = \"replaced\";"); > - > + // append javascript (works even without > unsafe-eval) > + target.appendJavaScript( > + > "document.querySelector(\".click-me-text\").innerHTML = \"replaced\";"); > + > delayedVisible.setVisible(true); > target.add(delayedVisible); > + > + > blacktext.add(AttributeModifier.replace("style", "color: red")); > + target.add(blacktext); > } > }.setOutputMarkupId(true)); > } > @@ -90,14 +101,12 @@ public class NonceDemoPage extends WicketExamplePage > super.renderHead(response); > // Add inline script with nonce > response.render(JavaScriptHeaderItem.forScript( > - > "$(function(){$(\".test-nonce-script\").html(\"Text injected by script with > nonce: success\");});", > - "test-nonce-script" > - )); > + "$(function(){$(\".test-nonce-script\").html(\"Text > injected by script with nonce: success\");});", > + "test-nonce-script")); > // Add inline css with nonce > - response.render(CssHeaderItem.forCSS( > - ".injected-style--with-nonce{color: green; > font-weight: bold;}", > - "injected-style-with-nonce") > - ); > + response.render( > + > CssHeaderItem.forCSS(".injected-style--with-nonce{color: green; font-weight: > bold;}", > + "injected-style-with-nonce")); > } > > @Override > -- WBR Maxim aka solomax
