Hi,
I've updated copyright year. You don't see 2018 post because it has a
future date, but you can use flag future:true to show it.
On Fri, Feb 2, 2018 at 4:23 AM, Maxim Solodovnik
wrote:
> Hello All,
>
> I have question regarding site generation.
>
> I have added following file: 2018/_posts/20
Github user martin-g commented on a diff in the pull request:
https://github.com/apache/wicket/pull/258#discussion_r165631354
--- Diff:
wicket-core/src/main/java/org/apache/wicket/markup/head/filter/JavaScriptDeferHeaderResponse.java
---
@@ -0,0 +1,141 @@
+/*
+ * Licensed
Github user martin-g commented on a diff in the pull request:
https://github.com/apache/wicket/pull/258#discussion_r165631611
--- Diff:
wicket-core/src/main/java/org/apache/wicket/markup/head/filter/JavaScriptDeferHeaderResponse.java
---
@@ -0,0 +1,141 @@
+/*
+ * Licensed
Github user martin-g commented on a diff in the pull request:
https://github.com/apache/wicket/pull/258#discussion_r165631545
--- Diff:
wicket-core/src/main/java/org/apache/wicket/markup/head/filter/JavaScriptDeferHeaderResponse.java
---
@@ -0,0 +1,141 @@
+/*
+ * Licensed
Hi,
Maybe I'm wrong but for AJAX only logged in user could get that REQUEST to
work because it is page relative. Or am I completely wrong?
On Thu, Feb 1, 2018 at 10:45 PM, Carl-Eric Menzel
wrote:
> Hi,
>
> I've just encountered an interesting oddity. For a normal form submission,
> there is Fo
You're not wrong, but I'd still like to be able to block GET. And the
other question is *why* this check isn't done for forms with submit
components (I haven't tried it, but I suspect using a regular button
rather than an ajax button would run into the same issue).
On Fri, Feb 2, 2018, at 14:45, E
Ok. But does that posses a real security issue? i.e not logged used
triggering a click on "that" button that does not exists for them?
On Fri, Feb 2, 2018 at 3:36 PM, Carl-Eric Menzel
wrote:
> You're not wrong, but I'd still like to be able to block GET. And the
> other question is *why* this ch
GET requests can be triggered by someone opening a page with e.g. an
image URL pointing to that. In a small application, this URL can be
guessable.
But even if it weren't a security issue - I still would like to know why
there is this inconsistency between onFormSubmitted and
onFormSubmitted(submit
Ok. I see.
On Fri, Feb 2, 2018 at 3:42 PM, Carl-Eric Menzel
wrote:
> GET requests can be triggered by someone opening a page with e.g. an
> image URL pointing to that. In a small application, this URL can be
> guessable.
> But even if it weren't a security issue - I still would like to know why
Github user kbachl commented on a diff in the pull request:
https://github.com/apache/wicket/pull/258#discussion_r165700199
--- Diff:
wicket-core/src/main/java/org/apache/wicket/markup/head/filter/JavaScriptDeferHeaderResponse.java
---
@@ -0,0 +1,141 @@
+/*
+ * Licensed to
Github user martin-g commented on a diff in the pull request:
https://github.com/apache/wicket/pull/258#discussion_r165725046
--- Diff:
wicket-core/src/main/java/org/apache/wicket/markup/head/filter/JavaScriptDeferHeaderResponse.java
---
@@ -0,0 +1,141 @@
+/*
+ * Licensed
Github user svenmeier commented on a diff in the pull request:
https://github.com/apache/wicket/pull/258#discussion_r165725214
--- Diff:
wicket-core/src/main/java/org/apache/wicket/markup/head/filter/JavaScriptDeferHeaderResponse.java
---
@@ -0,0 +1,141 @@
+/*
+ * Licensed
Github user svenmeier commented on a diff in the pull request:
https://github.com/apache/wicket/pull/258#discussion_r165725617
--- Diff:
wicket-core/src/main/java/org/apache/wicket/markup/head/filter/JavaScriptDeferHeaderResponse.java
---
@@ -0,0 +1,141 @@
+/*
+ * Licensed
Hi Carl-Eric,
WICKET-4107 was specifically about preventing GET request on stateless
forms. Why not do something similar for Ajax behaviors?
Have fun
Sven
Am 01.02.2018 um 22:45 schrieb Carl-Eric Menzel:
Hi,
I've just encountered an interesting oddity. For a normal form
submission, there
Thanks a lot Andrea!
Not sure if I can do more for the site update :(
@Martijn maybe you can provide text for the upcoming release?
@All, I'm not real fan of it, but maybe it worth to release another "M"?
WBR, Maxim
(from mobile, sorry for the typos)
On Fri, Feb 2, 2018, 16:25 Andrea Del Bene
15 matches
Mail list logo
