Re: Wicket inserting a div with inline styles on every form, vs. Content-Security-Policy

On Wed, Mar 29, 2017 at 5:48 PM, Martin Grigorov <mgrigo...@apache.org> wrote: > On Wed, Mar 29, 2017 at 4:50 AM, Trejkaz <trej...@trypticon.org> wrote: >> So I guess I'd have to wait until Wicket these things to non-inline, >> and I see someone else already filed a tick

Re: Wicket inserting a div with inline styles on every form, vs. Content-Security-Policy

On Tue, Mar 28, 2017 at 5:17 PM, Martin Grigorov wrote: > Doesn't this break Ajax ? > Wicket-Ajax uses eval() to execute target.appendJavaScript (and #prepend) > and I have the feeling it won't work with this setup. You're right about that. We only have one page which uses

Wicket inserting a div with inline styles on every form, vs. Content-Security-Policy

Hi all. I'm trying to improve site security. The Wicket guide mentions a few ways to improve this: https://ci.apache.org/projects/wicket/guide/7.x/single.html#_external_security_checks In particular, there is this one: response.setHeader("Content-Security-Policy", "default-src https:");

Re: As of Wicket 6.something, info messages now wiped out during redirect?

On Mon, Mar 27, 2017 at 5:27 PM, Martin Grigorov wrote: > The only way I see is to > override org.apache.wicket.Component#getFeedbackMessages() to delegate > to org.apache.wicket.Session#getFeedbackMessages() but you will have to do > this for each and every component ... >

Re: As of Wicket 6.something, info messages now wiped out during redirect?

On Mon, Mar 27, 2017 at 4:42 PM, Sebastien wrote: > Hi, > > Yes, the message is lost. For such a use case, you have to use > Session.get().info(), so your message remains available after the redirect. I see... so looking at the info() method itself, on v1.5, info() goes into

As of Wicket 6.something, info messages now wiped out during redirect?

ssageFilter verifies that it does get called and that every single call returns false. At this point I can't figure out why the messages are being deleted so again, asking here whether we're doing something wrong, or whether this is a bug. Demo code here: https://github.com/trejkaz/wicket-f

Re: Does FormTester no longer pass the parameters to the page constructor when submitting the form?

Okay, turns out to have actually been fixed in 6.13, but caching was messing me up. It was the fix in AbstractBookmarkableMapper which makes it work. It seems like I can wrap the request mapper used in the tester to put the parameters back on in the same situation, which works for 1.5. TX @@

Re: Does FormTester no longer pass the parameters to the page constructor when submitting the form?

On Fri, Mar 24, 2017 at 7:58 PM, Maxim Solodovnik wrote: > In one of our projects I did Wicket 1.4 -> Wicket6 jump :) > Not that scared :) I tried 1.5 to 6.x a couple years ago, and after doing all the code changes, almost every test failed due to Wicket calling our code a

Re: Does FormTester no longer pass the parameters to the page constructor when submitting the form?

On Fri, Mar 24, 2017 at 7:30 PM, Martin Grigorov wrote: > Hi, > > Wicket 1.5.x is not maintained anymore. Only security related issues are > being processed. > Please update your demo app to 6.26.0 and if it still fails then create a > ticket at JIRA! 6.26.0 does appear to

Re: Does FormTester no longer pass the parameters to the page constructor when submitting the form?

I made a quick demo: https://github.com/trejkaz/wicket-form-tester-problems I also set up HomePage so that it links to a group page for testing manually, and interestingly, when running Wicket itself and hitting it with a web browser, the form works fine. So it's weird that it would fail

Does FormTester no longer pass the parameters to the page constructor when submitting the form?

I'm taking another shot at updating from 1.5.7 to 1.5.8, so that hopefully I can eventually update to 6. I've made the massive number of expectation changes to reflect how WicketTester now calls the page objects, but some tests still fail. On some investigation, I found that weird stuff is going