Re: WebSocket close is being called if AjaxDownloader is used
Hello Martin,

sorry for the delay
here is the repo: https://github.com/solomax/wicket-ajax-download
here is the commit with the ajax-download-via-iframe implementation:
https://github.com/solomax/wicket-ajax-download/commit/407936d6f506aa047d9a12a3ecb7aa6c866eb052

Looking forward to your comments :)

On Wed, Nov 9, 2016 at 5:02 AM, Martin Grigorov wrote:

> Hi Maxim,
>
> Do you have progress on this ?
>
> Martin Grigorov
> Wicket Training and Consulting
> https://twitter.com/mtgrigorov
>
> On Thu, Nov 3, 2016 at 9:46 AM, Maxim Solodovnik wrote:
>
> > I was hoping to get answer like: in 7.x you should use .xxx :)))
> > Going to create example on github and will send it for review :)
> >
> > On Thu, Nov 3, 2016 at 3:43 PM, Martin Grigorov wrote:
> >
> > > On Thu, Nov 3, 2016 at 9:40 AM, Maxim Solodovnik wrote:
> > >
> > > > It seems iframe is the only option :(((
> > >
> > > Why so sad ?
> > > iframe is a good option
> > >
> > > > here is the JS plugin wrapping this idea:
> > > > http://johnculviner.com/jquery-file-download-plugin-for-ajax-like-feature-rich-file-downloads/
> > > > going to perform additional search
> > > >
> > > > Thanks for the idea!
> > > >
> > > > On Thu, Nov 3, 2016 at 3:36 PM, Ernesto Reinaldo Barreiro <reier...@gmail.com> wrote:
> > > >
> > > > > or maybe use a hidden iframe to trigger download...
> > > > >
> > > > > On Thu, Nov 3, 2016 at 9:28 AM, Ernesto Reinaldo Barreiro <reier...@gmail.com> wrote:
> > > > >
> > > > > > I do not know if this is possible but
> > > > > >
> > > > > > 1- Open a new tab
> > > > > > 2- Set location to download URL
> > > > > > 3- Close the new tab
> > > > > >
> > > > > > That way (maybe) page does not close WebSocket connection. It would still
> > > > > > be "AJAX"...
> > > > > >
> > > > > > On Thu, Nov 3, 2016 at 9:04 AM, Maxim Solodovnik <solomax...@gmail.com> wrote:
> > > > > >
> > > > > > > I'm afraid It would be not really Ajax.
> > > > > > >
> > > > > > > On Thu, Nov 3, 2016 at 3:03 PM, Ernesto Reinaldo Barreiro <reier...@gmail.com> wrote:
> > > > > > >
> > > > > > > > maybe open a second browser tab and do the download there...
> > > > > > > >
> > > > > > > > On Thu, Nov 3, 2016 at 8:51 AM, Maxim Solodovnik <solomax...@gmail.com> wrote:
> > > > > > > >
> > > > > > > > > I'll try to create quick-start ASAP
> > > > > > > > >
> > > > > > > > > On Thu, Nov 3, 2016 at 2:51 PM, Maxim Solodovnik <solomax...@gmail.com> wrote:
> > > > > > > > >
> > > > > > > > > > AjaxDownload was for wicket 1.5.x (or maybe 6.x)
> > > > > > > > > > maybe it can be enhanced to work without unload?
> > > > > > > > > >
> > > > > > > > > > On Thu, Nov 3, 2016 at 2:46 PM, Sven Meier wrote:
> > > > > > > > > >
> > > > > > > > > > > AjaxDownload changes the window location - the browser probably prepares
> > > > > > > > > > > unloading of the page, before opening the attached download in a separate
> > > > > > > > > > > window.
> > > > > > > > > > >
> > > > > > > > > > > Sven
> > > > > > > > > > >
> > > > > > > > > > > On 03.11.2016 at 08:33, Martin Grigorov wrote:
> > > > > > > > > > >
> > > > > > > > > > > > Hi Maxim,
> > > > > > > > > > > >
> > > > > > > > > > > > I don't see any relation between those.
> > > > > > > > > > > > If it is easy to reproduce please create a quickstart.
> > > > > > > > > > > >
> > > > > > > > > > > > Martin Grigorov
> > > > > > > > > > > > Wicket Training and Consulting
> > > > > > > > > > > > https://twitter.com/mtgrigorov
> > > > > > > > > > > >
> > > > > > > > > > > > On Thu, Nov 3, 2016 at 4:16 AM, Maxim Solodovnik <solomax...@gmail.com> wrote:
> > > > > > > > > > > >
> > > > > > > > > > > > > Hello,
> > > > > > > > > > > > >
> > > > > > > > > > > > > Recently we found weird behavior of AjaxDownloader (similar to this [1] one)
> > > > > > > > > > > > > For some reason at the moment download is initiated
> > > > > > > > > > > > > WebSocketBehavior::onClose is being called
> > > > > > > > > > > > > What is the reason for this?
> > > > > > > > > > > > >
> > > > > > > > > > > > > https://cwiki.apache.org/confluence/display/WICKET/AJAX+update+and+file+download+in+one+blow
> > > > > > > > > > > > >
> > > > > > > > > > > > > --
> > > > > > > > > > > > > WBR
> > > > > > > > > > > > > Maxim aka solomax
> > > > > > > > > > >
> > > > > > > > > > > To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> > > > > > > > > > > For additional commands, e-mail: users-h...@wicket.apache.org
Re: WebSocket close is being called if AjaxDownloader is used
Hi Maxim,

Do you have progress on this ?

Martin Grigorov
Wicket Training and Consulting
https://twitter.com/mtgrigorov

On Thu, Nov 3, 2016 at 9:46 AM, Maxim Solodovnik wrote:

> I was hoping to get answer like: in 7.x you should use .xxx :)))
> Going to create example on github and will send it for review :)
>
> On Thu, Nov 3, 2016 at 3:43 PM, Martin Grigorov wrote:
>
> > On Thu, Nov 3, 2016 at 9:40 AM, Maxim Solodovnik wrote:
> >
> > > It seems iframe is the only option :(((
> >
> > Why so sad ?
> > iframe is a good option
> >
> > > here is the JS plugin wrapping this idea:
> > > http://johnculviner.com/jquery-file-download-plugin-for-ajax-like-feature-rich-file-downloads/
> > > going to perform additional search
> > >
> > > Thanks for the idea!
> > >
> > > On Thu, Nov 3, 2016 at 3:36 PM, Ernesto Reinaldo Barreiro <reier...@gmail.com> wrote:
> > >
> > > > or maybe use a hidden iframe to trigger download...
> > > >
> > > > On Thu, Nov 3, 2016 at 9:28 AM, Ernesto Reinaldo Barreiro <reier...@gmail.com> wrote:
> > > >
> > > > > I do not know if this is possible but
> > > > >
> > > > > 1- Open a new tab
> > > > > 2- Set location to download URL
> > > > > 3- Close the new tab
> > > > >
> > > > > That way (maybe) page does not close WebSocket connection. It would still
> > > > > be "AJAX"...
> > > > >
> > > > > On Thu, Nov 3, 2016 at 9:04 AM, Maxim Solodovnik <solomax...@gmail.com> wrote:
> > > > >
> > > > > > I'm afraid It would be not really Ajax.
> > > > > >
> > > > > > On Thu, Nov 3, 2016 at 3:03 PM, Ernesto Reinaldo Barreiro <reier...@gmail.com> wrote:
> > > > > >
> > > > > > > maybe open a second browser tab and do the download there...
> > > > > > >
> > > > > > > On Thu, Nov 3, 2016 at 8:51 AM, Maxim Solodovnik <solomax...@gmail.com> wrote:
> > > > > > >
> > > > > > > > I'll try to create quick-start ASAP
> > > > > > > >
> > > > > > > > On Thu, Nov 3, 2016 at 2:51 PM, Maxim Solodovnik <solomax...@gmail.com> wrote:
> > > > > > > >
> > > > > > > > > AjaxDownload was for wicket 1.5.x (or maybe 6.x)
> > > > > > > > > maybe it can be enhanced to work without unload?
> > > > > > > > >
> > > > > > > > > On Thu, Nov 3, 2016 at 2:46 PM, Sven Meier wrote:
> > > > > > > > >
> > > > > > > > > > AjaxDownload changes the window location - the browser probably prepares
> > > > > > > > > > unloading of the page, before opening the attached download in a separate
> > > > > > > > > > window.
> > > > > > > > > >
> > > > > > > > > > Sven
> > > > > > > > > >
> > > > > > > > > > On 03.11.2016 at 08:33, Martin Grigorov wrote:
> > > > > > > > > >
> > > > > > > > > > > Hi Maxim,
> > > > > > > > > > >
> > > > > > > > > > > I don't see any relation between those.
> > > > > > > > > > > If it is easy to reproduce please create a quickstart.
> > > > > > > > > > >
> > > > > > > > > > > Martin Grigorov
> > > > > > > > > > > Wicket Training and Consulting
> > > > > > > > > > > https://twitter.com/mtgrigorov
> > > > > > > > > > >
> > > > > > > > > > > On Thu, Nov 3, 2016 at 4:16 AM, Maxim Solodovnik <solomax...@gmail.com> wrote:
> > > > > > > > > > >
> > > > > > > > > > > > Hello,
> > > > > > > > > > > >
> > > > > > > > > > > > Recently we found weird behavior of AjaxDownloader (similar to this [1] one)
> > > > > > > > > > > > For some reason at the moment download is initiated
> > > > > > > > > > > > WebSocketBehavior::onClose is being called
> > > > > > > > > > > > What is the reason for this?
> > > > > > > > > > > >
> > > > > > > > > > > > https://cwiki.apache.org/confluence/display/WICKET/AJAX+update+and+file+download+in+one+blow
> > > > > > > > > > > >
> > > > > > > > > > > > --
> > > > > > > > > > > > WBR
> > > > > > > > > > > > Maxim aka solomax
> > > > > > > > >
> > > > > > > > > --
> > > > > > > > > WBR
> > > > > > > > > Maxim aka solomax
> > > > > > > >
> > > > > > > > --
> > > > > > > > WBR
> > > > > > > > Maxim aka solomax
> > > > > > >
> > > > > > > --
> > > > > > > Regards - Ernesto Reinaldo Barreiro
> > > > > >
> > > > > > --
> > > > > > WBR
> > > > > > Maxim aka solomax
> > > > >
> > > > > --
> > > > > Regards - Ernesto Reinaldo Barreiro
[ANNOUNCE] CVE-2016-6806: Apache Wicket CSRF detection vulnerability
CVE-2016-6806: Apache Wicket CSRF detection vulnerability

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: Apache Wicket 6.20.0, 6.21.0, 6.22.0, 6.23.0, 6.24.0, 7.0.0, 7.1.0, 7.2.0, 7.3.0, 7.4.0 and 8.0.0-M1

Description: Affected versions of Apache Wicket provide a CSRF prevention measure that fails to discover some cross origin requests. The mitigation is to not only check the Origin HTTP header, but also take the Referer HTTP header into account when no Origin was provided. Furthermore, not all Wicket server side targets were subjected to the CSRF check. This was also fixed.

Mitigation: 6.x users should upgrade to 6.25.0, 7.x users should upgrade to 7.5.0 and 8.0.0-M1 users should upgrade to 8.0.0-M2.

Credit: This issue was discovered by Gerben Janssen van Doorn

References: https://wicket.apache.org/news
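The check the advisory describes, sketched as an added Java example (not Wicket's own code): the Origin header is compared against an accepted list, and the Referer header is consulted only when no Origin was provided. The class and method names, the `NO_SOURCE` outcome and the `app.example.test` host are assumptions made for this illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

public class OriginRefererCheck {
    enum Outcome { ALLOWED, REJECTED, NO_SOURCE }

    // Reduce an Origin or Referer value to scheme://host[:port]; null if it cannot be parsed.
    static String toOrigin(String headerValue) {
        try {
            URI uri = new URI(headerValue.trim());
            if (uri.getScheme() == null || uri.getHost() == null) {
                return null; // e.g. the literal "null" sent for opaque origins
            }
            String scheme = uri.getScheme().toLowerCase(Locale.ROOT);
            String host = uri.getHost().toLowerCase(Locale.ROOT);
            int port = uri.getPort();
            boolean defaultPort = port == -1
                    || ("http".equals(scheme) && port == 80)
                    || ("https".equals(scheme) && port == 443);
            return scheme + "://" + host + (defaultPort ? "" : ":" + port);
        } catch (URISyntaxException e) {
            return null;
        }
    }

    // Origin is authoritative; Referer is used only when no Origin was provided.
    static Outcome check(String origin, String referer, Set<String> accepted) {
        boolean hasOrigin = origin != null && !origin.trim().isEmpty();
        String source = hasOrigin ? origin : referer;
        if (source == null || source.trim().isEmpty()) {
            return Outcome.NO_SOURCE; // policy decision for the caller: allow, reject or log
        }
        String normalized = toOrigin(source);
        return normalized != null && accepted.contains(normalized)
                ? Outcome.ALLOWED : Outcome.REJECTED;
    }

    public static void main(String[] args) {
        // Constructed sample values; app.example.test is a placeholder host.
        Set<String> accepted = new HashSet<>(Arrays.asList("https://app.example.test"));
        System.out.println(check("https://app.example.test", null, accepted));
        System.out.println(check(null, "https://app.example.test/page?3", accepted));
        System.out.println(check(null, "https://other.example.test/form.html", accepted));
        System.out.println(check("null", "https://app.example.test/", accepted));
        System.out.println(check(null, null, accepted));
    }
}
```

The comparison is made on the parsed scheme, host and port rather than on a string prefix of the Referer. As the advisory's second point implies, a check like this only helps if it runs for every server-side target that changes state.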
Wicket at ApacheCon EU 2016 Sevilla: in just 1 week!
All,

If you haven't figured out what to do with your training budget for this year, you really should consider attending ApacheCon in Sevilla, Spain.

2 awesome sessions about Apache Wicket, the chance to discuss with core contributors of your favorite Apache projects, even with Andrea and myself!

It is the best opportunity to work on Wicket, ask Wicket questions in person, share your experiences and learn from ours!

http://events.linuxfoundation.org/events/apachecon-europe

Don't hesitate and go register now!

Martijn