This vote passes! Thank you everyone!
On 4/5/20 8:45 AM, Maxim Solodovnik wrote:
Hello Sebastien,
to bypass
Content Security Policy: The page’s settings blocked the loading of a
resource at inline (“style-src”). 2 jquery-3.4.1-ver-1586053743308.js
:4817:39
I have added log-point to this line and print all `elem` to console
these errors are caused by Ajax updates
`elem` usually contains elements with inline style attributes
On Sun, 5 Apr 2020 at 13:41, Sebastien Briquet <sbriq...@apache.org> wrote:
Hi,
I'm currently testing M5 against Wicket JQuery UI / Wicket Kendo UI.
With CSP disabled, it seems to work as expected!
I'm upgrading the sample application to make it work with CSP enabled. So
far it works (even not yet complete), but some things seems to be out of my
hands, like:
Content Security Policy: The page’s settings blocked the loading of a
resource at inline (“style-src”). 2 jquery-3.4.1-ver-1586053743308.js
:4817:39
<
http://localhost:8080/wicket-jquery-ui/wicket/resource/org.apache.wicket.resource.JQueryResourceReference/jquery/jquery-3.4.1-ver-1586053743308.js
It seems to come from the bundled jQuery, here is the line:
tmp = getAll( fragment.appendChild( elem ), "script" );
The CSP error seems legit, but I don't know how we can circumvent it (did
not investigate yet)... I do have few others but I need to double check if
it comes from my jQuery usage or not...
Anyway, I think it is good enough to release this Milestone so users can
test and report before the Final.
[x] Yes, release Apache Wicket 9.0.0-M5
Thanks for the big work!
Sebastien
