[ https://issues.apache.org/jira/browse/WICKET-6321?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16428647#comment-16428647 ]
ASF GitHub Bot commented on WICKET-6321: ---------------------------------------- Github user svenmeier commented on the issue: https://github.com/apache/wicket/pull/273 @tremel thanks for your usage example. It seems to me we're mixing at least three topics in this pull request: - JavaScriptReferenceHeaderItem needs integrity and and crossOrigin ... fine - JavaScriptUtils#writeJavaScriptUrl() is getting to many parameters, maybe an attribute map can help here? - references cannot alter the attributes of their headerItem (besides the url of course): defer, async, charset and now integrity and crossOrigin IMHO we should solve the last issue separately and uniformly, i.e. not IntegrityAttributed but maybe a broader interface for all attributes or just a callback that allows the reference to alter the headerItem. For now you could use an IHeaderResponseDecorator to set the attributes. > Support Integrity and Crossorigin attributes for > JavaScriptUrlReferenceHeaderItem > ---------------------------------------------------------------------------------- > > Key: WICKET-6321 > URL: https://issues.apache.org/jira/browse/WICKET-6321 > Project: Wicket > Issue Type: Improvement > Components: wicket > Affects Versions: 8.0.0-M3 > Reporter: Mikhail Fursov > Priority: Major > Fix For: 8.0.0 > > Attachments: CORS.zip, wicket-6321-20180306.diff, wicket-6321.diff > > > Example of secure script reference: > <script > src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.0.0-alpha.6/js/bootstrap.min.js" > integrity="sha256-+kIbbrvS+0dNOjhmQJzmwe/RILR/8lb/+4+PUNVW09k=" > crossorigin="anonymous"></script> -- This message was sent by Atlassian JIRA (v7.6.3#76005)