Done!
https://issues.apache.org/jira/browse/WICKET-4196
*Gert-Jan Schouten
Java Developer*
On 03/11/11 15:16, Igor Vaynberg wrote:
please create a jira issue.
-igor
On Thu, Nov 3, 2011 at 7:02 AM, Gert-Jan Schouten
gert-jan.schou...@roboreus.com wrote:
Hello!
The problem is that a
See the comments in the ticket
On Fri, Nov 4, 2011 at 11:57 AM, Gert-Jan Schouten
gert-jan.schou...@roboreus.com wrote:
Done!
https://issues.apache.org/jira/browse/WICKET-4196
*Gert-Jan Schouten
Java Developer*
On 03/11/11 15:16, Igor Vaynberg wrote:
please create a jira issue.
-igor
Hello all,
When having a Wicket application installed on Tomcat and you call that
application through HTTP, Wicket is protected against HTTP Response
Splitting. However, when you call Tomcat through AJP (for example
through an apache httpd proxy), HTTP Response Splitting becomes possible.
Hi,
Can you describe what exactly is the problem with these custom headers ?
On Thu, Nov 3, 2011 at 2:04 PM, Gert-Jan Schouten
gert-jan.schou...@roboreus.com wrote:
Hello all,
When having a Wicket application installed on Tomcat and you call that
application through HTTP, Wicket is protected
Hello!
The problem is that a hacker can now post URL's that look like they're
going to your site on some forum or in an email. But when the user
actually clicks on the link, a custom header could redirect the user to
a malicious site. In the example, I used EvilHeader, but it could be
any
please create a jira issue.
-igor
On Thu, Nov 3, 2011 at 7:02 AM, Gert-Jan Schouten
gert-jan.schou...@roboreus.com wrote:
Hello!
The problem is that a hacker can now post URL's that look like they're going
to your site on some forum or in an email. But when the user actually clicks
on the