[jira] [Commented] (WICKET-6245) Open up CsrfPreventionRequestCycleListener for extension
[ https://issues.apache.org/jira/browse/WICKET-6245?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15678045#comment-15678045 ] ASF GitHub Bot commented on WICKET-6245: Github user amichalowski closed the pull request at: https://github.com/apache/wicket/pull/187 > Open up CsrfPreventionRequestCycleListener for extension > > > Key: WICKET-6245 > URL: https://issues.apache.org/jira/browse/WICKET-6245 > Project: Wicket > Issue Type: Bug > Components: wicket >Affects Versions: 6.20.0, 7.0.0, 6.21.0, 7.1.0, 7.2.0, 7.3.0, 8.0.0-M1, > 6.22.0, 6.23.0, 7.4.0, 6.24.0 >Reporter: Martijn Dashorst >Assignee: Martijn Dashorst >Priority: Minor > Fix For: 8.0.0-M2, 6.25.0, 7.5.0 > > > The design of the CsrfPreventionRequestCycleListener is such that it is open > for extension, but fails to provide the right hooks for implementors. We > should allow private methods to be called from event handlers, and allow > overriding of several checkpoints in the API. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WICKET-6245) Open up CsrfPreventionRequestCycleListener for extension
[ https://issues.apache.org/jira/browse/WICKET-6245?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15640093#comment-15640093 ] ASF GitHub Bot commented on WICKET-6245: GitHub user amichalowski opened a pull request: https://github.com/apache/wicket/pull/187 Add origin header to ajax requests in BaseWicketTester In commits assigned to this issue: [https://issues.apache.org/jira/browse/WICKET-6245](https://issues.apache.org/jira/browse/WICKET-6245) There are following changes in `CsrfPreventionRequestCycleListener`: - If origin header doesn't exist referer header can be used. - Default no origin behavior was changed to abort. But the wicket tester doesn't send Origin or Referer header. You can merge this pull request into a Git repository by running: $ git pull https://github.com/amichalowski/wicket wicket-tester-origin-header Alternatively you can review and apply these changes as the patch at: https://github.com/apache/wicket/pull/187.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #187 commit 893579c88c98b8dfbc6612ff7c2e1b3ac024e6f6 Author: Artur MichaĆowski Date: 2016-11-05T16:59:56Z Add origin header to ajax requests in BaseWicketTester > Open up CsrfPreventionRequestCycleListener for extension > > > Key: WICKET-6245 > URL: https://issues.apache.org/jira/browse/WICKET-6245 > Project: Wicket > Issue Type: Bug > Components: wicket >Affects Versions: 6.20.0, 7.0.0, 6.21.0, 7.1.0, 7.2.0, 7.3.0, 8.0.0-M1, > 6.22.0, 6.23.0, 7.4.0, 6.24.0 >Reporter: Martijn Dashorst >Assignee: Martijn Dashorst >Priority: Minor > Fix For: 8.0.0-M2, 6.25.0, 7.5.0 > > > The design of the CsrfPreventionRequestCycleListener is such that it is open > for extension, but fails to provide the right hooks for implementors. We > should allow private methods to be called from event handlers, and allow > overriding of several checkpoints in the API. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WICKET-6245) Open up CsrfPreventionRequestCycleListener for extension
[ https://issues.apache.org/jira/browse/WICKET-6245?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15526334#comment-15526334 ] ASF subversion and git services commented on WICKET-6245: - Commit be8833cd133a665ca8c76ddd0f468e810c345f28 in wicket's branch refs/heads/master from [~mgrigorov] [ https://git-wip-us.apache.org/repos/asf?p=wicket.git;h=be8833c ] WICKET-6245 Remove 'final' modifier for the modified methods because this breaks Clirr (correctly or not) Discussion: https://mail-archives.apache.org/mod_mbox/wicket-dev/201609.mbox/%3CCAB63Y-drhdSVkNX+ARz51bDBGBX_req_d6DGRNW=67nr5rb...@mail.gmail.com%3E > Open up CsrfPreventionRequestCycleListener for extension > > > Key: WICKET-6245 > URL: https://issues.apache.org/jira/browse/WICKET-6245 > Project: Wicket > Issue Type: Bug > Components: wicket >Affects Versions: 6.20.0, 7.0.0, 6.21.0, 7.1.0, 7.2.0, 7.3.0, 8.0.0-M1, > 6.22.0, 6.23.0, 7.4.0, 6.24.0 >Reporter: Martijn Dashorst >Assignee: Martijn Dashorst >Priority: Minor > Fix For: 8.0.0-M2, 6.25.0, 7.5.0 > > > The design of the CsrfPreventionRequestCycleListener is such that it is open > for extension, but fails to provide the right hooks for implementors. We > should allow private methods to be called from event handlers, and allow > overriding of several checkpoints in the API. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WICKET-6245) Open up CsrfPreventionRequestCycleListener for extension
[ https://issues.apache.org/jira/browse/WICKET-6245?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15526333#comment-15526333 ] ASF subversion and git services commented on WICKET-6245: - Commit 6637e363bec2eb49de0d2edce3505a1fdb7586bd in wicket's branch refs/heads/wicket-7.x from [~mgrigorov] [ https://git-wip-us.apache.org/repos/asf?p=wicket.git;h=6637e36 ] WICKET-6245 Remove 'final' modifier for the modified methods because this breaks Clirr (correctly or not) Discussion: https://mail-archives.apache.org/mod_mbox/wicket-dev/201609.mbox/%3CCAB63Y-drhdSVkNX+ARz51bDBGBX_req_d6DGRNW=67nr5rb...@mail.gmail.com%3E > Open up CsrfPreventionRequestCycleListener for extension > > > Key: WICKET-6245 > URL: https://issues.apache.org/jira/browse/WICKET-6245 > Project: Wicket > Issue Type: Bug > Components: wicket >Affects Versions: 6.20.0, 7.0.0, 6.21.0, 7.1.0, 7.2.0, 7.3.0, 8.0.0-M1, > 6.22.0, 6.23.0, 7.4.0, 6.24.0 >Reporter: Martijn Dashorst >Assignee: Martijn Dashorst >Priority: Minor > Fix For: 8.0.0-M2, 6.25.0, 7.5.0 > > > The design of the CsrfPreventionRequestCycleListener is such that it is open > for extension, but fails to provide the right hooks for implementors. We > should allow private methods to be called from event handlers, and allow > overriding of several checkpoints in the API. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WICKET-6245) Open up CsrfPreventionRequestCycleListener for extension
[ https://issues.apache.org/jira/browse/WICKET-6245?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15507661#comment-15507661 ] ASF subversion and git services commented on WICKET-6245: - Commit 6cd10f970d49ee1cd275c5038aa3c58c9738efaf in wicket's branch refs/heads/wicket-7.x from [~mgrigorov] [ https://git-wip-us.apache.org/repos/asf?p=wicket.git;h=6cd10f9 ] WICKET-6245 Open up CsrfPreventionRequestCycleListener for extension Wrap a debug logiing in LOG.isDebugEnabled() > Open up CsrfPreventionRequestCycleListener for extension > > > Key: WICKET-6245 > URL: https://issues.apache.org/jira/browse/WICKET-6245 > Project: Wicket > Issue Type: Bug > Components: wicket >Affects Versions: 6.20.0, 7.0.0, 6.21.0, 7.1.0, 7.2.0, 7.3.0, 8.0.0-M1, > 6.22.0, 6.23.0, 7.4.0, 6.24.0 >Reporter: Martijn Dashorst >Assignee: Martijn Dashorst >Priority: Minor > Fix For: 8.0.0-M2, 6.25.0, 7.5.0 > > > The design of the CsrfPreventionRequestCycleListener is such that it is open > for extension, but fails to provide the right hooks for implementors. We > should allow private methods to be called from event handlers, and allow > overriding of several checkpoints in the API. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WICKET-6245) Open up CsrfPreventionRequestCycleListener for extension
[ https://issues.apache.org/jira/browse/WICKET-6245?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15507658#comment-15507658 ] ASF subversion and git services commented on WICKET-6245: - Commit 247619ab176c64acc3d07adcc45725e019e11a62 in wicket's branch refs/heads/master from [~mgrigorov] [ https://git-wip-us.apache.org/repos/asf?p=wicket.git;h=247619a ] WICKET-6245 Open up CsrfPreventionRequestCycleListener for extension Wrap a debug logiing in LOG.isDebugEnabled() > Open up CsrfPreventionRequestCycleListener for extension > > > Key: WICKET-6245 > URL: https://issues.apache.org/jira/browse/WICKET-6245 > Project: Wicket > Issue Type: Bug > Components: wicket >Affects Versions: 6.20.0, 7.0.0, 6.21.0, 7.1.0, 7.2.0, 7.3.0, 8.0.0-M1, > 6.22.0, 6.23.0, 7.4.0, 6.24.0 >Reporter: Martijn Dashorst >Assignee: Martijn Dashorst >Priority: Minor > Fix For: 8.0.0-M2, 6.25.0, 7.5.0 > > > The design of the CsrfPreventionRequestCycleListener is such that it is open > for extension, but fails to provide the right hooks for implementors. We > should allow private methods to be called from event handlers, and allow > overriding of several checkpoints in the API. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WICKET-6245) Open up CsrfPreventionRequestCycleListener for extension
[ https://issues.apache.org/jira/browse/WICKET-6245?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15503523#comment-15503523 ] ASF subversion and git services commented on WICKET-6245: - Commit f2c165cf994f60753016459ce0d94b3787f6727c in wicket's branch refs/heads/wicket-7.x from [~papegaaij] [ https://git-wip-us.apache.org/repos/asf?p=wicket.git;h=f2c165c ] WICKET-6245: fix testcase to reflect change in behavior: no origin is blocked > Open up CsrfPreventionRequestCycleListener for extension > > > Key: WICKET-6245 > URL: https://issues.apache.org/jira/browse/WICKET-6245 > Project: Wicket > Issue Type: Bug >Reporter: Martijn Dashorst >Priority: Minor > > The design of the CsrfPreventionRequestCycleListener is such that it is open > for extension, but fails to provide the right hooks for implementors. We > should allow private methods to be called from event handlers, and allow > overriding of several checkpoints in the API. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WICKET-6245) Open up CsrfPreventionRequestCycleListener for extension
[ https://issues.apache.org/jira/browse/WICKET-6245?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15503522#comment-15503522 ] ASF subversion and git services commented on WICKET-6245: - Commit 89a2aac8c6851ee03ada2ab0c71e8675d31e39d9 in wicket's branch refs/heads/wicket-6.x from [~papegaaij] [ https://git-wip-us.apache.org/repos/asf?p=wicket.git;h=89a2aac ] WICKET-6245: fix testcase to reflect change in behavior: no origin is blocked > Open up CsrfPreventionRequestCycleListener for extension > > > Key: WICKET-6245 > URL: https://issues.apache.org/jira/browse/WICKET-6245 > Project: Wicket > Issue Type: Bug >Reporter: Martijn Dashorst >Priority: Minor > > The design of the CsrfPreventionRequestCycleListener is such that it is open > for extension, but fails to provide the right hooks for implementors. We > should allow private methods to be called from event handlers, and allow > overriding of several checkpoints in the API. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WICKET-6245) Open up CsrfPreventionRequestCycleListener for extension
[ https://issues.apache.org/jira/browse/WICKET-6245?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15503521#comment-15503521 ] ASF subversion and git services commented on WICKET-6245: - Commit dbfe3461e5caa4c6d9f2d65b248a1a3e42946d0b in wicket's branch refs/heads/master from [~papegaaij] [ https://git-wip-us.apache.org/repos/asf?p=wicket.git;h=dbfe346 ] WICKET-6245: fix testcase to reflect change in behavior: no origin is blocked > Open up CsrfPreventionRequestCycleListener for extension > > > Key: WICKET-6245 > URL: https://issues.apache.org/jira/browse/WICKET-6245 > Project: Wicket > Issue Type: Bug >Reporter: Martijn Dashorst >Priority: Minor > > The design of the CsrfPreventionRequestCycleListener is such that it is open > for extension, but fails to provide the right hooks for implementors. We > should allow private methods to be called from event handlers, and allow > overriding of several checkpoints in the API. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WICKET-6245) Open up CsrfPreventionRequestCycleListener for extension
[ https://issues.apache.org/jira/browse/WICKET-6245?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15503494#comment-15503494 ] ASF subversion and git services commented on WICKET-6245: - Commit 3320821343f7957a4850f2d9b61ab18eec55fa62 in wicket's branch refs/heads/wicket-6.x from [~papegaaij] [ https://git-wip-us.apache.org/repos/asf?p=wicket.git;h=3320821 ] WICKET-6245: open up CsrfPreventionRequestCycleListener for extension > Open up CsrfPreventionRequestCycleListener for extension > > > Key: WICKET-6245 > URL: https://issues.apache.org/jira/browse/WICKET-6245 > Project: Wicket > Issue Type: Bug >Reporter: Martijn Dashorst >Priority: Minor > > The design of the CsrfPreventionRequestCycleListener is such that it is open > for extension, but fails to provide the right hooks for implementors. We > should allow private methods to be called from event handlers, and allow > overriding of several checkpoints in the API. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WICKET-6245) Open up CsrfPreventionRequestCycleListener for extension
[ https://issues.apache.org/jira/browse/WICKET-6245?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15503495#comment-15503495 ] ASF subversion and git services commented on WICKET-6245: - Commit 5c345567c75b3cc1f7e4cce6dcf3e692870b4823 in wicket's branch refs/heads/wicket-7.x from [~papegaaij] [ https://git-wip-us.apache.org/repos/asf?p=wicket.git;h=5c34556 ] WICKET-6245: open up CsrfPreventionRequestCycleListener for extension > Open up CsrfPreventionRequestCycleListener for extension > > > Key: WICKET-6245 > URL: https://issues.apache.org/jira/browse/WICKET-6245 > Project: Wicket > Issue Type: Bug >Reporter: Martijn Dashorst >Priority: Minor > > The design of the CsrfPreventionRequestCycleListener is such that it is open > for extension, but fails to provide the right hooks for implementors. We > should allow private methods to be called from event handlers, and allow > overriding of several checkpoints in the API. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
