Hello Sebastien, to bypass Content Security Policy: The page’s settings blocked the loading of a resource at inline (“style-src”). 2 jquery-3.4.1-ver-1586053743308.js :4817:39
I have added log-point to this line and print all `elem` to console these errors are caused by Ajax updates `elem` usually contains elements with inline style attributes On Sun, 5 Apr 2020 at 13:41, Sebastien Briquet <sbriq...@apache.org> wrote: > Hi, > > I'm currently testing M5 against Wicket JQuery UI / Wicket Kendo UI. > With CSP disabled, it seems to work as expected! > > I'm upgrading the sample application to make it work with CSP enabled. So > far it works (even not yet complete), but some things seems to be out of my > hands, like: > > Content Security Policy: The page’s settings blocked the loading of a > resource at inline (“style-src”). 2 jquery-3.4.1-ver-1586053743308.js > :4817:39 > < > http://localhost:8080/wicket-jquery-ui/wicket/resource/org.apache.wicket.resource.JQueryResourceReference/jquery/jquery-3.4.1-ver-1586053743308.js > > > > It seems to come from the bundled jQuery, here is the line: > tmp = getAll( fragment.appendChild( elem ), "script" ); > > The CSP error seems legit, but I don't know how we can circumvent it (did > not investigate yet)... I do have few others but I need to double check if > it comes from my jQuery usage or not... > > Anyway, I think it is good enough to release this Milestone so users can > test and report before the Final. > [x] Yes, release Apache Wicket 9.0.0-M5 > > Thanks for the big work! > Sebastien > -- Best regards, Maxim
