My vote is -1

Our main application is not working with this version

On Sat, 3 Oct 2020 at 22:57, Maxim Solodovnik <solomax...@gmail.com> wrote:

> Thanks a lot Sven :)
> sorry I have not tested before
>
> On Sat, 3 Oct 2020 at 22:30, Sven Meier <s...@meiers.net> wrote:
>
>> Ok, found the issue:
>>
>> With my change for https://issues.apache.org/jira/browse/WICKET-6821 the
>> CSP header decorator now comes *after* a possible
>> FilteringHeaderResponse. In this case no header items are ever passed on
>> for CSP header decoration.
>>
>> We have some implicit rules for decorators:
>> ResourceAggregator has to come first, then CSP and filtering should
>> happen after that.
>>
>> I'm looking for a solution.
>>
>> -1 to release 9.1.0 with this regression.
>>
>> Have fun
>> Sven
>>
>>
>> On 03.10.20 14:04, Maxim Solodovnik wrote:
>> > OK
>> >
>> > the problem is caused by adding `FilteringHeaderResponse`
>> >
>> > https://github.com/solomax/ajax-download/blob/master/src/main/java/org/apache/WicketApplication.java#L50
>> >
>> > here is the quickstart https://github.com/solomax/ajax-download
>> >
>> > On Sat, 3 Oct 2020 at 18:11, Maxim Solodovnik <solomax...@gmail.com> wrote:
>> >
>> >> ls -1 webapps/openmeetings/WEB-INF/lib/wicket*
>> >> webapps/openmeetings/WEB-INF/lib/wicket-auth-roles-9.1.0.jar
>> >> webapps/openmeetings/WEB-INF/lib/wicket-bootstrap-core-5.0.1.jar
>> >> webapps/openmeetings/WEB-INF/lib/wicket-bootstrap-extensions-5.0.1.jar
>> >> webapps/openmeetings/WEB-INF/lib/wicket-bootstrap-themes-5.0.1.jar
>> >> webapps/openmeetings/WEB-INF/lib/wicket-core-9.1.0.jar
>> >> webapps/openmeetings/WEB-INF/lib/wicket-devutils-9.1.0.jar
>> >> webapps/openmeetings/WEB-INF/lib/wicket-extensions-9.1.0.jar
>> >> webapps/openmeetings/WEB-INF/lib/wicket-ioc-9.1.0.jar
>> >> webapps/openmeetings/WEB-INF/lib/wicket-jquery-ui-9.0.0-M5.1.jar
>> >> webapps/openmeetings/WEB-INF/lib/wicket-jquery-ui-calendar-9.0.0-M5.1.jar
>> >> webapps/openmeetings/WEB-INF/lib/wicket-jquery-ui-core-9.0.0-M5.1.jar
>> >> webapps/openmeetings/WEB-INF/lib/wicket-jquery-ui-plugins-9.0.0-M5.1.jar
>> >> webapps/openmeetings/WEB-INF/lib/wicket-native-websocket-core-9.1.0.jar
>> >> webapps/openmeetings/WEB-INF/lib/wicket-native-websocket-javax-9.1.0.jar
>> >> webapps/openmeetings/WEB-INF/lib/wicket-request-9.1.0.jar
>> >> webapps/openmeetings/WEB-INF/lib/wicket-spring-9.1.0.jar
>> >> webapps/openmeetings/WEB-INF/lib/wicketstuff-dashboard-core-9.1.0.jar
>> >> webapps/openmeetings/WEB-INF/lib/wicketstuff-datastore-common-9.1.0.jar
>> >> webapps/openmeetings/WEB-INF/lib/wicketstuff-datastore-hazelcast-9.1.0.jar
>> >> webapps/openmeetings/WEB-INF/lib/wicketstuff-select2-9.1.0.jar
>> >> webapps/openmeetings/WEB-INF/lib/wicketstuff-urlfragment-9.1.0.jar
>> >> webapps/openmeetings/WEB-INF/lib/wicket-util-9.1.0.jar
>> >> webapps/openmeetings/WEB-INF/lib/wicket-webjars-3.0.0-M4.jar
>> >>
>> >>
>> >> same result, will try to create quickstart
>> >>
>> >> On Sat, 3 Oct 2020 at 17:18, Maxim Solodovnik <solomax...@gmail.com> wrote:
>> >>
>> >>> Tomcat 9.0.38.0 (I doubt it is important)
>> >>>
>> >>> all jars are in webapps/openmeetings/WEB-INF/lib
>> >>>
>> >>> ls -1 wicket*
>> >>>
>> >>> wicket-auth-roles-9.1.0.jar
>> >>> wicket-bootstrap-core-5.0.1.jar
>> >>> wicket-bootstrap-extensions-5.0.1.jar
>> >>> wicket-bootstrap-themes-5.0.1.jar
>> >>> wicket-core-9.1.0.jar
>> >>> wicket-devutils-9.1.0.jar
>> >>> wicket-extensions-9.1.0.jar
>> >>> wicket-ioc-9.1.0.jar
>> >>> wicket-jquery-ui-9.0.0-M5.1.jar
>> >>> wicket-jquery-ui-calendar-9.0.0-M5.1.jar
>> >>> wicket-jquery-ui-core-9.0.0-M5.1.jar
>> >>> wicket-jquery-ui-plugins-9.0.0-M5.1.jar
>> >>> wicket-native-websocket-core-9.1.0.jar
>> >>> wicket-native-websocket-javax-9.1.0.jar
>> >>> wicket-request-9.1.0.jar
>> >>> wicket-spring-9.1.0.jar
>> >>> wicketstuff-dashboard-core-9.0.0.jar
>> >>> wicketstuff-datastore-common-9.0.0.jar
>> >>> wicketstuff-datastore-hazelcast-9.0.0.jar
>> >>> wicketstuff-select2-9.0.0.jar
>> >>> wicketstuff-urlfragment-9.0.0.jar
>> >>> wicket-util-9.1.0.jar
>> >>> wicket-webjars-3.0.0-M4.jar
>> >>>
>> >>> I'll try to re-build wicketstuff using 9.1.0 and try again
>> >>>
>> >>> On Sat, 3 Oct 2020 at 16:59, Sven Meier <s...@meiers.net> wrote:
>> >>>
>> >>>> The CSP example works fine.
>> >>>>
>> >>>> Do you have Wicket 9.0 and 9.1 on your classpath?
>> >>>>
>> >>>> Sven
>> >>>>
>> >>>>
>> >>>> On 03.10.20 08:13, Maxim Solodovnik wrote:
>> >>>>> Hello Sven,
>> >>>>>
>> >>>>> I was aware of this JIRA
>> >>>>> and have double-checked with debugger:
>> >>>>> in `WebApplication.validateInit()`
>> >>>>>
>> >>>>> `getCspSettings().isEnabled() == true`
>> >>>>> and `getCspSettings().enforce(this);` was called ....
>> >>>>>
>> >>>>>
>> >>>>>
>> >>>>> On Sat, 3 Oct 2020 at 13:10, Sven Meier <s...@meiers.net> wrote:
>> >>>>>
>> >>>>>> Hi,
>> >>>>>>
>> >>>>>> could be https://issues.apache.org/jira/browse/WICKET-6821
>> >>>>>>
>> >>>>>> Do you configure your CSP in #init()?
>> >>>>>>
>> >>>>>> Sven
>> >>>>>>
>> >>>>>>
>> >>>>>> On 3 October 2020 06:18:21 CEST, Maxim Solodovnik <solomax...@gmail.com> wrote:
>> >>>>>>> sorry for double posting,
>> >>>>>>>
>> >>>>>>> here are the first results: CSPNonceHeaderResponseDecorator was set up,
>> >>>>>>> but breakpoint in its `render` method wasn't hit
>> >>>>>>> something weird ....
>> >>>>>>>
>> >>>>>>> On Sat, 3 Oct 2020 at 08:47, Maxim Solodovnik <solomax...@gmail.com> wrote:
>> >>>>>>>
>> >>>>>>>> Hello All,
>> >>>>>>>>
>> >>>>>>>> I have started testing this new release yesterday
>> >>>>>>>> Checksum and signature as well as local build from sources are OK
>> >>>>>>>>
>> >>>>>>>> BUT my main application is not working at all because zero resources
>> >>>>>>>> are loaded due to CSP errors
>> >>>>>>>> (we do have CSP rules in charge and CSP enabled)
>> >>>>>>>> Everything works as expected in Wicket 9.0.0
>> >>>>>>>>
>> >>>>>>>> Are there any migration guides or something like this?
>> >>>>>>>> Advice on where I should start digging is highly appreciated
>> >>>>>>>>
>> >>>>>>>> p.s. I should test SNAPSHOTs earlier :(((
>> >>>>>>>>
>> >>>>>>>> On Sat, 3 Oct 2020 at 02:48, Andrea Del Bene <an.delb...@gmail.com> wrote:
>> >>>>>>>>> This is a vote to release Apache Wicket 9.1.0
>> >>>>>>>>>
>> >>>>>>>>> Please download the source distributions found in our staging area
>> >>>>>>>>> linked below.
>> >>>>>>>>>
>> >>>>>>>>> I have included the signatures for both the source archives. This vote
>> >>>>>>>>> lasts for 72 hours minimum.
>> >>>>>>>>>
>> >>>>>>>>> [ ] Yes, release Apache Wicket 9.1.0
>> >>>>>>>>> [ ] No, don't release Apache Wicket 9.1.0, because ...
>> >>>>>>>>>
>> >>>>>>>>> Distributions, changelog, keys and signatures can be found at:
>> >>>>>>>>>
>> >>>>>>>>>        https://dist.apache.org/repos/dist/dev/wicket/9.1.0
>> >>>>>>>>>
>> >>>>>>>>> Staging repository:
>> >>>>>>>>>
>> >>>>>>>>>
>> >>>>>>>>>        https://repository.apache.org/content/repositories/orgapachewicket-1153/
>> >>>>>>>>>
>> >>>>>>>>> The binaries are available in the above link, as are a staging
>> >>>>>>>>> repository for Maven. Typically the vote is on the source, but should
>> >>>>>>>>> you find a problem with one of the binaries, please let me know, I can
>> >>>>>>>>> re-roll them some way or the other.
>> >>>>>>>>>
>> >>>>>>>>> Staging git repository data:
>> >>>>>>>>>
>> >>>>>>>>>        Repository:  g...@github.com:bitstorm/wicket.git
>> >>>>>>>>>        Branch:      build/wicket-9.1.0
>> >>>>>>>>>        Release tag: rel/wicket-9.1.0
>> >>>>>>>>>
>> >>>>>>>>>
>> >>>>>>>>>
>> >>>>>>>>> ========================================================================
>> >>>>>>>>>        The signatures for the source release artefacts:
>> >>>>>>>>>
>> >>>>>>>>>
>> >>>>>>>>> Signature for apache-wicket-9.1.0.zip:
>> >>>>>>>>>
>> >>>>>>>>>
>> >>>>>>>>> Signature for apache-wicket-9.1.0.tar.gz:
>> >>>>>>>>>
>> >>>>>>>>>
>> >>>>>>>>>
>> >>>>>>>>> ========================================================================
>> >>>>>>>>>        CHANGELOG for 9.1.0:
>> >>>>>>>>>
>> >>>>>>>>> ** Bug
>> >>>>>>>>>
>> >>>>>>>>>        * [WICKET-6702] - AsynchronousPageStore with NotDetachedModelChecker - "Not detached model found" exception on several fast sequential Ajax calls
>> >>>>>>>>>        * [WICKET-6802] - FilePageStore writing to UserDefinedFileAttributeView might be null
>> >>>>>>>>>        * [WICKET-6803] - wicket-objectsizeof-agent has no valid automatic module name
>> >>>>>>>>>        * [WICKET-6806] - CSP header response decorator breaks JavaScriptFilteredIntoFooterHeaderResponse
>> >>>>>>>>>        * [WICKET-6808] - Cannot add page to AjaxRequestTarget
>> >>>>>>>>>        * [WICKET-6810] - Asynchronous+encrypted pagestore leads to WicketRuntimeException
>> >>>>>>>>>        * [WICKET-6813] - Setting child-src does not update frame-src after initial assignment
>> >>>>>>>>>        * [WICKET-6818] - NPE in WicketEndpoint onClose
>> >>>>>>>>>        * [WICKET-6822] - AsynchronousPageStore Potential Memory Leak
>> >>>>>>>>>        * [WICKET-6825] - wicket-ioc 9.0.0 throws IAE with JDK14, still includes outdated ASM 7.1.0 in cglib-nodep
>> >>>>>>>>>        * [WICKET-6837] - Jupiter engine transitively included in war file
>> >>>>>>>>>
>> >>>>>>>>> ** New Feature
>> >>>>>>>>>
>> >>>>>>>>>        * [WICKET-6805] - Add Cross-Origin Opener Policy and Cross-Origin Embedder Policy support
>> >>>>>>>>>
>> >>>>>>>>> ** Improvement
>> >>>>>>>>>
>> >>>>>>>>>        * [WICKET-6786] - CsrfPreventionRequestCycleListener should support Fetch Metadata Request Headers
>> >>>>>>>>>        * [WICKET-6807] - Fake Submitting Button
>> >>>>>>>>>        * [WICKET-6821] - Completely disable CSP support
>> >>>>>>>>>        * [WICKET-6824] - Use concatenation instead of String.format for frequently called methods
>> >>>>>>>>>        * [WICKET-6826] - Improve performance and reduce allocations for Behaviors
>> >>>>>>>>>        * [WICKET-6827] - Improve performance of Strings.join and Strings.replaceAll
>> >>>>>>>>>        * [WICKET-6828] - Wrong tree branch icon with hidden children
>> >>>>>>>>>        * [WICKET-6829] - Use String.isEmpty() instead of "".equals(...)
>> >>>>>>>>>        * [WICKET-6830] - Convert Behaviors into a static utility class to reduce allocations
>> >>>>>>>>>        * [WICKET-6831] - Try to flush the response before detach
>> >>>>>>>>>        * [WICKET-6833] - Reduce allocations when merging page parameters
>> >>>>>>>>>        * [WICKET-6835] - Improve performance of AbstractMapper.getPlaceholder
>> >>>>>>>>>        * [WICKET-6838] - Improve performance of Strings.split
>> >>>>>>>>>
>> >>>>>>>>>
>> >>>>>>>> --
>> >>>>>>>> Best regards,
>> >>>>>>>> Maxim
>> >>>>>>>>
>> >>>>>>> --
>> >>>>>>> Best regards,
>> >>>>>>> Maxim
>> >>>
>> >>> --
>> >>> Best regards,
>> >>> Maxim
>> >>>
>> >>
>> >> --
>> >> Best regards,
>> >> Maxim
>> >>
>> >
>>
>
>
> --
> Best regards,
> Maxim
>


-- 
Best regards,
Maxim
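
A simplified model of the decorator-ordering problem diagnosed in the quoted thread, added here as an illustration; it is not code from Wicket or from any participant. The `Response`, `cspNonce` and `Filtering` names are hypothetical stand-ins, the nonce and script tags are constructed, and the model assumes the filtering response buffers header items without forwarding them to the response it wraps.

```java
import java.util.ArrayList;
import java.util.List;

// Hypothetical stand-ins for a header-response decorator chain (not Wicket classes).
public class DecoratorOrderDemo {
    interface Response { void render(String tag); }

    // Stand-in for the CSP decorator: stamps a nonce on every script it sees.
    static Response cspNonce(Response next, String nonce) {
        return tag -> next.render(tag.replace("<script", "<script nonce=\"" + nonce + "\""));
    }

    // Stand-in for a filtering response: keeps items for later output and
    // never forwards them to the wrapped response (assumption of this model).
    static final class Filtering implements Response {
        final Response next;
        final List<String> buffered = new ArrayList<>();
        Filtering(Response next) { this.next = next; }
        @Override public void render(String tag) { buffered.add(tag); }
    }

    // Renders two constructed header items and returns what filtering will emit.
    static List<String> emit(boolean cspBeforeFiltering) {
        String nonce = "CONSTRUCTED-NONCE";
        Response sink = tag -> { };
        Filtering filtering;
        Response entry;
        if (cspBeforeFiltering) {          // CSP first, filtering afterwards
            filtering = new Filtering(sink);
            entry = cspNonce(filtering, nonce);
        } else {                           // regressed order: CSP behind filtering
            filtering = new Filtering(cspNonce(sink, nonce));
            entry = filtering;
        }
        entry.render("<script src=\"app.js\"></script>");
        entry.render("<script src=\"footer.js\"></script>");
        return filtering.buffered;
    }

    // Check worth running against rendered output: scripts a nonce-based policy would block.
    static long withoutNonce(List<String> tags) {
        return tags.stream().filter(t -> !t.contains(" nonce=")).count();
    }

    public static void main(String[] args) {
        System.out.println("filtering before CSP, scripts without nonce: " + withoutNonce(emit(false)));
        System.out.println("CSP before filtering, scripts without nonce: " + withoutNonce(emit(true)));
    }
}
```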
