[
https://issues.apache.org/jira/browse/WICKET-5326?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13748827#comment-13748827
]
Sven Meier commented on WICKET-5326:
------------------------------------
Since WICKET-4865 urls to the home page are no longer encrypted. See
CryptoMapperTest#homePageWithParameters():
"When the home page url is requested, with parameters, the url will contain
only page parameters. It should not be encrypted, otherwise we get needless
redirects."
I'm not sure which redirects @Martin is referring to. A quick test with
removing the check url.getSegments().isEmpty() from CryptoMapper works fine for
the quickstart.
> Wicket doesn't encrypt links and Ajax URLs when CryptoMapper is used
> --------------------------------------------------------------------
>
> Key: WICKET-5326
> URL: https://issues.apache.org/jira/browse/WICKET-5326
> Project: Wicket
> Issue Type: Bug
> Affects Versions: 6.10.0
> Environment: Linux
> Reporter: Walter B. Rasmann
> Labels: security
> Attachments: 5326.tar.gz
>
>
> URL encryption does not work in Wicket links and Ajax URLs.
> For links the URL appears unencrypted in the href attribute value and is only
> later forwarded to the encrypted URL using a 302 response.
> I am uploading a quickstart.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
