On Fri, Feb 28, 2020 at 11:55 AM Martin Grigorov
wrote:
>
>
> On Fri, Feb 28, 2020 at 11:37 AM Andrea Del Bene
> wrote:
>
>> On Thu, Feb 27, 2020 at 1:03 PM Martin Grigorov
>> wrote:
>>
>> >
>> >
>> > I wanted to ask here whether we need an API that says whether CSP is
>> > enabled or
On Fri, Feb 28, 2020 at 11:37 AM Andrea Del Bene
wrote:
> On Thu, Feb 27, 2020 at 1:03 PM Martin Grigorov
> wrote:
>
> >
> >
> > I wanted to ask here whether we need an API that says whether CSP is
> > enabled or disabled.
> > For example UI libraries like Wicket Bootstrap & Wicket JQuery UI
On Thu, Feb 27, 2020 at 1:03 PM Martin Grigorov
wrote:
>
>
> I wanted to ask here whether we need an API that says whether CSP is
> enabled or disabled.
> For example UI libraries like Wicket Bootstrap & Wicket JQuery UI (and any
> other) may use it to decide how to behave depending on the
It is possible
but this CSP will not be `strict` anymore :)))
On Fri, 28 Feb 2020 at 15:23, Sebastien Briquet wrote:
>
> Thank you so much Emond! I will try that!
--
WBR
Maxim aka solomax
Thank you so much Emond! I will try that!
Hi Sebastien,
Unfortunately, not all libraries work with a strict CSP (Wicket used
to be one of those :) ). For such a library, you might want to roll a
less strict CSP via an IInitializer. From what I see in the link sent
by Maxim, you'll need to add 'unsafe-eval' for Kendo:
Sorry for bringing such news :(
On Fri, 28 Feb 2020 at 10:05, Sebastien Briquet wrote:
>
> Thank you very much for letting me know!
> I didn't exactly know what to expect until I would put my hands in it, but
> now I'm a little bit worried, haha !
>
> Best regards,
> Sebastien
--
WBR
Maxim
Thank you very much for letting me know!
I didn't exactly know what to expect until I would put my hands in it, but
now I'm a little bit worried, haha !
Best regards,
Sebastien
Hello Sebastien,
Unfortunately this task might be challenging :(
Kendo will not work in strict CSP mode :(
https://docs.telerik.com/kendo-ui/troubleshoot/content-security-policy
Other places to look at (should be easy to correct):
DisplayNoneBehavior
MessageDialog
:)))
On Thu, 27 Feb 2020 at
Yes,
All my prs were made with strict csp enabled
Additional minor change is required to make tests pass
Will create pr right after release
On Thu, Feb 27, 2020, 20:32 Martin Grigorov wrote:
> Thanks, Emond!
>
> @Maxim: since you started using Wicket 9.x Bootstrap 4.x recently: do you
> use it
Thanks, Emond!
@Maxim: since you started using Wicket 9.x Bootstrap 4.x recently: do you
use it with CSP enabled ?
On Thu, Feb 27, 2020 at 3:17 PM Emond Papegaaij
wrote:
> Hi Martin and Sebastien,
>
> I see no need for checking if CSP is enabled or not. It is not hard to
> write your code to
Hi Martin and Sebastien,
I see no need for checking if CSP is enabled or not. It is not hard to
write your code to comply to even the strictest CSP. If it works with
the strict CSP, it will also work when CSP is disabled or with a less
strict CSP. Simply follow the few rules explained in the user
Hi Martin,
Actually that's a good point! I will try to upgrade Wicket jQuery UI to
wicket 9/CSP to see how it behaves...
Thanks and best regards,
Sebastien
Hi,
I'm creating a new thread to not hijack the discussion about the CSS
utilities.
On Thu, Feb 27, 2020 at 12:56 PM Ernesto Reinaldo Barreiro <
reier...@gmail.com> wrote:
> Hi,
>
> On Thu, Feb 27, 2020 at 12:33 PM Andrea Del Bene
> wrote:
>
> > On Wed, Feb 26, 2020 at 10:26 AM Ernesto
14 matches
Mail list logo