solomax commented on issue #399: WICKET-6727: Configurable
Content-Security-Policy
URL: https://github.com/apache/wicket/pull/399#issuecomment-583224053
@papegaaij is it time to merge this PR into master?
This is an automated
solomax commented on issue #399: WICKET-6727: Configurable
Content-Security-Policy
URL: https://github.com/apache/wicket/pull/399#issuecomment-581249070
BTW while using this version I'm seeing multiple issues which cannot be
targeted easily due to components containing inline styles are re
solomax commented on issue #399: WICKET-6727: Configurable
Content-Security-Policy
URL: https://github.com/apache/wicket/pull/399#issuecomment-581248382
@papegaaij you are right
sorry for the noise :(
The only way I see this can be improved is to create a "reporting-only" example
with
solomax commented on issue #399: WICKET-6727: Configurable
Content-Security-Policy
URL: https://github.com/apache/wicket/pull/399#issuecomment-581088761
@papegaaij the main problem: `reporting` method was the only **configured
one**, but surprisingly response contains both `blocking` and `
solomax commented on issue #399: WICKET-6727: Configurable
Content-Security-Policy
URL: https://github.com/apache/wicket/pull/399#issuecomment-581015004
Hello @papegaaij,
I found some weird behavior with CSP
In my app I'm setting `reporting csp` as follows:
`getCsp().reporting().
solomax commented on issue #399: WICKET-6727: Configurable
Content-Security-Policy
URL: https://github.com/apache/wicket/pull/399#issuecomment-577630998
@papegaaij Thanks a lot!
Everything works as expected :)
ps surprisingly my original question wasn't offtopic in this PR :)
---
solomax commented on issue #399: WICKET-6727: Configurable
Content-Security-Policy
URL: https://github.com/apache/wicket/pull/399#issuecomment-577600141
Yep, seems to be a bug
Filtered nature is dropped here
https://github.com/apache/wicket/blob/csp/wicket-core/src/main/java/org/apache/wi
solomax commented on issue #399: WICKET-6727: Configurable
Content-Security-Policy
URL: https://github.com/apache/wicket/pull/399#issuecomment-577582507
@martin-g I'm trying to implement this via FilteredHeaderItem, but this
seems to be extremely not easy:
CSSItem added as `Filtered
solomax commented on issue #399: WICKET-6727: Configurable
Content-Security-Policy
URL: https://github.com/apache/wicket/pull/399#issuecomment-577297405
@papegaaij in our code we are using code like this:
https://github.com/apache/openmeetings/blob/csp/openmeetings-web/src/main/java/org
solomax commented on issue #399: WICKET-6727: Configurable
Content-Security-Policy
URL: https://github.com/apache/wicket/pull/399#issuecomment-577295287
The main issue here: such a slowdown will appear with an upgrade (with zero lines
of code changed)
So I guess it is better to use faster ve
solomax commented on issue #399: WICKET-6727: Configurable
Content-Security-Policy
URL: https://github.com/apache/wicket/pull/399#issuecomment-577212144
just tried to start Tomcat with
`JAVA_OPTS="-Djava.security.egd=file:/dev/./urandom" ./bin/catalina.sh run`
it is slow :(
---
solomax commented on issue #399: WICKET-6727: Configurable
Content-Security-Policy
URL: https://github.com/apache/wicket/pull/399#issuecomment-577199827
@papegaaij, All
I was able to find the reason for the slowdown in my application
`SecureRandom.getInstanceStrong()` creates `NativePRNGB
solomax commented on issue #399: WICKET-6727: Configurable
Content-Security-Policy
URL: https://github.com/apache/wicket/pull/399#issuecomment-577026973
@papegaaij I'm still investigating
(suspecting this might be caused by lots of `nonce`s needing to be generated,
and/or lots of inline st
solomax commented on issue #399: WICKET-6727: Configurable
Content-Security-Policy
URL: https://github.com/apache/wicket/pull/399#issuecomment-576300948
API looks good to me
I'm trying to add CSP support from this branch to our main Wicket app
The biggest problem so far: first request
solomax commented on issue #399: WICKET-6727: Configurable
Content-Security-Policy
URL: https://github.com/apache/wicket/pull/399#issuecomment-575895355
`canSetHeader` ?
solomax commented on issue #399: WICKET-6727: Configurable
Content-Security-Policy
URL: https://github.com/apache/wicket/pull/399#issuecomment-575870332
@papegaaij we are currently adding CSP header using the following conditions:
```
if (resp instanceof WebResponse && !(resp instanceof W
```