Hi,
there's no direct equivalent in 1.4.
Your WebApplication#newRequestCycleProcessor() could provide a processor
subclass, doing some extra stuff before delegating to the super
implementation.
But you're probably better off just using a custom servlet filter.
Have fun
Sven
Am 01.08.2018
In our Wicket 6 projects, we have a IRequestCycleListener that does some
things we want to do for every request (primarily involving auditing and a
few other nits). We also have a couple 1.4 apps that we haven't been given
permission to upgrade, but we want to add this same auditing listener. Is
PRs are welcome :))) sources for the guide are located here:
https://github.com/apache/wicket/tree/master/wicket-user-guide/src/main/asciidoc
Ajax components requires 'unsafe-inline' 'unsafe-eval', not sure how
this can be fixed :(
On Wed, Aug 1, 2018 at 2:32 PM Major Péter wrote:
>
> Hi,
>
>
Hi,
In that case I would suggest default-src 'self' as a better starting
point. The problem remains though, if one uses Ajax and/or has
placeholder tags for invisible components, one must have at least:
Content-Security-Policy: script-src 'self' 'unsafe-inline'
'unsafe-eval'; style-src 'self'
Hello Peter,
I also believe the general rule should be: deny All then allow one-by-one
but this is general principle, the guide describing some configuration
you can start with :)
On Mon, Jul 30, 2018 at 3:50 PM Major Péter wrote:
>
> Hi,
>
> thanks, I haven't seen that one yet (I'm coming back
