This is an automated email from the ASF dual-hosted git repository. svenmeier pushed a commit to branch WICKET-6321-cross-origin-integrity in repository https://gitbox.apache.org/repos/asf/wicket.git
commit b41c6b8934607cf7f64c90a125cf746a11ab5eac Author: Sven Meier <svenme...@apache.org> AuthorDate: Mon Dec 9 19:44:08 2019 +0100 WICKET-6321 crossOrigin and integrity for reference --- .../apache/wicket/core/util/string/CssUtils.java | 2 + .../wicket/core/util/string/JavaScriptUtils.java | 2 + .../head/AbstractCssReferenceHeaderItem.java | 118 +++++++++++++++++++++ .../AbstractJavaScriptReferenceHeaderItem.java | 51 ++++++++- .../apache/wicket/markup/head/CssHeaderItem.java | 17 +-- .../wicket/markup/head/CssReferenceHeaderItem.java | 49 ++++----- .../markup/head/CssUrlReferenceHeaderItem.java | 39 ++----- .../wicket/markup/head/JavaScriptHeaderItem.java | 17 --- .../markup/head/JavaScriptReferenceHeaderItem.java | 2 +- .../head/JavaScriptUrlReferenceHeaderItem.java | 3 +- 10 files changed, 206 insertions(+), 94 deletions(-) diff --git a/wicket-core/src/main/java/org/apache/wicket/core/util/string/CssUtils.java b/wicket-core/src/main/java/org/apache/wicket/core/util/string/CssUtils.java index 521decf..7a69547 100644 --- a/wicket-core/src/main/java/org/apache/wicket/core/util/string/CssUtils.java +++ b/wicket-core/src/main/java/org/apache/wicket/core/util/string/CssUtils.java @@ -44,6 +44,8 @@ public final class CssUtils public static final String ATTR_LINK_MEDIA = "media"; public static final String ATTR_LINK_REL = "rel"; public static final String ATTR_CSP_NONCE = "nonce"; + public static final String ATTR_CROSS_ORIGIN = "crossOrigin"; + public static final String ATTR_INTEGRITY = "integrity"; /** * Hidden constructor. diff --git a/wicket-core/src/main/java/org/apache/wicket/core/util/string/JavaScriptUtils.java b/wicket-core/src/main/java/org/apache/wicket/core/util/string/JavaScriptUtils.java index 08b6a22..4038fe5 100644 --- a/wicket-core/src/main/java/org/apache/wicket/core/util/string/JavaScriptUtils.java +++ b/wicket-core/src/main/java/org/apache/wicket/core/util/string/JavaScriptUtils.java 
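Review bot: `ATTR_CROSS_ORIGIN` is spelled `"crossOrigin"` in the CssUtils hunk, while the HTML content attribute is `crossorigin` and the neighbouring constants (`"media"`, `"rel"`, `"nonce"`) are all lower case. HTML parsers match attribute names case-insensitively, so this works for text/html, but a page served as XHTML would presumably treat the camel-case name as an unknown attribute, and the CORS mode that the integrity check depends on would not be applied. I would write `public static final String ATTR_CROSS_ORIGIN = "crossorigin";` here and in the identical JavaScriptUtils hunk that follows. A one-line Javadoc on both new constants naming their subresource-integrity purpose would also help.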
@@ -52,6 +52,8 @@ public class JavaScriptUtils public static final String ATTR_SCRIPT_DEFER = "defer"; public static final String ATTR_SCRIPT_ASYNC = "async"; public static final String ATTR_CSP_NONCE = "nonce"; + public static final String ATTR_CROSS_ORIGIN = "crossOrigin"; + public static final String ATTR_INTEGRITY = "integrity"; /** The response object */ private final Response response; diff --git a/wicket-core/src/main/java/org/apache/wicket/markup/head/AbstractCssReferenceHeaderItem.java b/wicket-core/src/main/java/org/apache/wicket/markup/head/AbstractCssReferenceHeaderItem.java new file mode 100644 index 0000000..0ae4f79 --- /dev/null +++ b/wicket-core/src/main/java/org/apache/wicket/markup/head/AbstractCssReferenceHeaderItem.java 
@@ -0,0 +1,118 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.wicket.markup.head; + +import java.util.Objects; + +import org.apache.wicket.core.util.string.CssUtils; +import org.apache.wicket.markup.html.CrossOrigin; +import org.apache.wicket.request.Response; +import org.apache.wicket.util.lang.Args; +import org.apache.wicket.util.value.AttributeMap; + +/** + * A {@link org.apache.wicket.markup.head.HeaderItem} that renders a CSS reference. + */ +public abstract class AbstractCssReferenceHeaderItem extends CssHeaderItem +{ + private final String media; + private final String rel; + private CrossOrigin crossOrigin; + private String integrity; + + public AbstractCssReferenceHeaderItem(String media, String rel) + { + this.media = media; + this.rel = rel; + } + + public CrossOrigin getCrossOrigin() + { + return crossOrigin; + } + + public AbstractCssReferenceHeaderItem setCrossOrigin(CrossOrigin crossOrigin) + { + this.crossOrigin = crossOrigin; + return this; + } + + /** + * @return the media type for this CSS ("print", "screen", etc.) 
+ */ + public String getMedia() + { + return media; + } + + /** + * @return the rel attribute content + */ + public String getRel() + { + return rel; + } + + public String getIntegrity() + { + return integrity; + } + + public AbstractCssReferenceHeaderItem setIntegrity(String integrity) + { + this.integrity = integrity; + return this; + } + + protected final void internalRenderCSSReference(Response response, String url) + { + Args.notEmpty(url, "url"); + + AttributeMap attributes = new AttributeMap(); + attributes.putAttribute(CssUtils.ATTR_LINK_REL, getRel() == null ? "stylesheet" : getRel()); + attributes.putAttribute(CssUtils.ATTR_TYPE, "text/css"); + attributes.putAttribute(CssUtils.ATTR_LINK_HREF, url); + attributes.putAttribute(CssUtils.ATTR_ID, getId()); + attributes.putAttribute(CssUtils.ATTR_LINK_MEDIA, getMedia()); + attributes.putAttribute(CssUtils.ATTR_CROSS_ORIGIN, + crossOrigin == null ? null : crossOrigin.getRealName()); + attributes.putAttribute(CssUtils.ATTR_INTEGRITY, integrity); + attributes.putAttribute(CssUtils.ATTR_CSP_NONCE, getNonce()); + CssUtils.writeLink(response, attributes); + + response.write("\n"); + } + + + @Override + public boolean equals(Object o) + { + if (this == o) + return true; + if (o == null || getClass() != o.getClass()) + return false; + AbstractCssReferenceHeaderItem that = (AbstractCssReferenceHeaderItem)o; + return Objects.equals(integrity, that.integrity) + && Objects.equals(crossOrigin, that.crossOrigin); + } + + @Override + public int hashCode() + { + return Objects.hash(integrity, crossOrigin); + } +} diff --git a/wicket-core/src/main/java/org/apache/wicket/markup/head/AbstractJavaScriptReferenceHeaderItem.java b/wicket-core/src/main/java/org/apache/wicket/markup/head/AbstractJavaScriptReferenceHeaderItem.java index 136cb24..d91ac6f 100644 --- a/wicket-core/src/main/java/org/apache/wicket/markup/head/AbstractJavaScriptReferenceHeaderItem.java 
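Review bot: The new `equals` compares only `integrity` and `crossOrigin` and never calls `super.equals(o)`, and `hashCode` likewise leaves out `super.hashCode()`. CssReferenceHeaderItem and CssUrlReferenceHeaderItem chain through `super.equals(o)`, which now lands in this class, so whatever CssHeaderItem.equals checked (its body is not in this diff) drops out of the comparison. Adding `if (!super.equals(o)) return false;` before the field comparison and returning `Objects.hash(super.hashCode(), integrity, crossOrigin)` restores the chain. `setIntegrity` and `setCrossOrigin` also need Javadoc stating that the integrity value is written to the link tag as given, and that a stylesheet from another origin needs `crossOrigin` set as well, otherwise browsers fail the integrity check and block it.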
+++ b/wicket-core/src/main/java/org/apache/wicket/markup/head/AbstractJavaScriptReferenceHeaderItem.java @@ -18,15 +18,22 @@ package org.apache.wicket.markup.head; import java.util.Objects; +import org.apache.wicket.core.util.string.JavaScriptUtils; +import org.apache.wicket.markup.html.CrossOrigin; +import org.apache.wicket.request.Response; +import org.apache.wicket.util.lang.Args; +import org.apache.wicket.util.value.AttributeMap; + /** - * A {@link org.apache.wicket.markup.head.HeaderItem} that supports <em>async</em>, - * <em>defer</em> and <em>charset</em> attributes + * A {@link org.apache.wicket.markup.head.HeaderItem} that renders a JavaScript reference. */ public abstract class AbstractJavaScriptReferenceHeaderItem extends JavaScriptHeaderItem { private boolean async; private boolean defer; private String charset; + private CrossOrigin crossOrigin; + private String integrity; /** * Constructor. 
@@ -84,6 +91,46 @@ public abstract class AbstractJavaScriptReferenceHeaderItem extends JavaScriptHe return this; } + public CrossOrigin getCrossOrigin() + { + return crossOrigin; + } + + public AbstractJavaScriptReferenceHeaderItem setCrossOrigin(CrossOrigin crossOrigin) + { + this.crossOrigin = crossOrigin; + return this; + } + + public String getIntegrity() + { + return integrity; + } + + public AbstractJavaScriptReferenceHeaderItem setIntegrity(String integrity) + { + this.integrity = integrity; + return this; + } + + protected final void internalRenderJavaScriptReference(Response response, String url) + { + Args.notEmpty(url, "url"); + + AttributeMap attributes = new AttributeMap(); + attributes.putAttribute(JavaScriptUtils.ATTR_TYPE, "text/javascript"); + attributes.putAttribute(JavaScriptUtils.ATTR_ID, getId()); + attributes.putAttribute(JavaScriptUtils.ATTR_SCRIPT_DEFER, defer); + // XXX this attribute is not necessary for modern browsers + attributes.putAttribute("charset", charset); + attributes.putAttribute(JavaScriptUtils.ATTR_SCRIPT_ASYNC, async); + attributes.putAttribute(JavaScriptUtils.ATTR_SCRIPT_SRC, url); + attributes.putAttribute(JavaScriptUtils.ATTR_CSP_NONCE, getNonce()); + attributes.putAttribute(JavaScriptUtils.ATTR_CROSS_ORIGIN, getCrossOrigin() == null ? null : getCrossOrigin().getRealName()); + attributes.putAttribute(JavaScriptUtils.ATTR_INTEGRITY, getIntegrity()); + JavaScriptUtils.writeScript(response, attributes); + } + @Override public boolean equals(Object o) { diff --git a/wicket-core/src/main/java/org/apache/wicket/markup/head/CssHeaderItem.java b/wicket-core/src/main/java/org/apache/wicket/markup/head/CssHeaderItem.java index 459a56d..d79fe6b 100644 --- a/wicket-core/src/main/java/org/apache/wicket/markup/head/CssHeaderItem.java +++ b/wicket-core/src/main/java/org/apache/wicket/markup/head/CssHeaderItem.java 
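Review bot: `crossOrigin` and `integrity` become state of the item here, but no hunk in this file touches `equals`/`hashCode`, whose bodies start just past the end of this hunk, so two script items that differ only in their integrity value presumably still compare equal. AbstractCssReferenceHeaderItem in the same commit does compare both fields, and the JavaScript side should match, e.g. `&& Objects.equals(integrity, that.integrity) && Objects.equals(crossOrigin, that.crossOrigin)` in `equals` plus the same two fields in `Objects.hash(...)`. The new setters have no Javadoc; `setIntegrity` should say that the string is emitted unchanged as the `integrity` attribute and is not validated here, and that a script loaded from another origin also needs `setCrossOrigin` for the browser to be able to verify it.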
@@ -19,6 +19,7 @@ package org.apache.wicket.markup.head; import java.util.Objects; import org.apache.wicket.core.util.string.CssUtils; +import org.apache.wicket.markup.html.CrossOrigin; import org.apache.wicket.request.Response; import org.apache.wicket.request.mapper.parameter.PageParameters; import org.apache.wicket.request.resource.ResourceReference; @@ -204,22 +205,6 @@ public abstract class CssHeaderItem extends AbstractCspHeaderItem return new CssUrlReferenceHeaderItem(url, media, rel); } - protected final void internalRenderCSSReference(Response response, String url, String media, String rel) - { - Args.notEmpty(url, "url"); - - AttributeMap attributes = new AttributeMap(); - attributes.putAttribute(CssUtils.ATTR_LINK_REL, rel == null ? "stylesheet" : rel); - attributes.putAttribute(CssUtils.ATTR_TYPE, "text/css"); - attributes.putAttribute(CssUtils.ATTR_LINK_HREF, url); - attributes.putAttribute(CssUtils.ATTR_ID, getId()); - attributes.putAttribute(CssUtils.ATTR_LINK_MEDIA, media); - attributes.putAttribute(CssUtils.ATTR_CSP_NONCE, getNonce()); - CssUtils.writeLink(response, attributes); - - response.write("\n"); - } - @Override public boolean equals(Object o) { diff --git a/wicket-core/src/main/java/org/apache/wicket/markup/head/CssReferenceHeaderItem.java b/wicket-core/src/main/java/org/apache/wicket/markup/head/CssReferenceHeaderItem.java index 758460d..f26ccc3 100644 --- a/wicket-core/src/main/java/org/apache/wicket/markup/head/CssReferenceHeaderItem.java +++ b/wicket-core/src/main/java/org/apache/wicket/markup/head/CssReferenceHeaderItem.java @@ -20,6 +20,7 @@ import java.util.Arrays; import java.util.List; import java.util.Objects; +import org.apache.wicket.markup.html.CrossOrigin; import org.apache.wicket.request.IRequestHandler; import org.apache.wicket.request.Response; import org.apache.wicket.request.cycle.RequestCycle; 
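Review bot: The `CrossOrigin` import added to CssHeaderItem in the first hunk is unused, because the only other hunk in this file deletes `internalRenderCSSReference` and nothing on the new side refers to the type. Drop `import org.apache.wicket.markup.html.CrossOrigin;`. The deletion may also leave `Args` and `AttributeMap` without a user in this file; that is worth checking, since most of the import block lies outside the hunks shown.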
@@ -34,14 +35,12 @@ import org.apache.wicket.util.string.Strings; * * @author papegaaij */ -public class CssReferenceHeaderItem extends CssHeaderItem implements IReferenceHeaderItem +public class CssReferenceHeaderItem extends AbstractCssReferenceHeaderItem implements IReferenceHeaderItem { private static final long serialVersionUID = 1L; private final ResourceReference reference; - private final String media; private final PageParameters pageParameters; - private final String rel; /** * Creates a new {@code CSSReferenceHeaderItem}. @@ -56,10 +55,10 @@ public class CssReferenceHeaderItem extends CssHeaderItem implements IReferenceH public CssReferenceHeaderItem(ResourceReference reference, PageParameters pageParameters, String media) { + super(media, null); + this.reference = reference; this.pageParameters = pageParameters; - this.media = media; - this.rel = null; } /** @@ -77,10 +76,10 @@ public class CssReferenceHeaderItem extends CssHeaderItem implements IReferenceH public CssReferenceHeaderItem(ResourceReference reference, PageParameters pageParameters, String media, String rel) { + super(media, rel); + this.reference = reference; this.pageParameters = pageParameters; - this.media = media; - this.rel = rel; } /** 
@@ -94,29 +93,25 @@ public class CssReferenceHeaderItem extends CssHeaderItem implements IReferenceH } /** - * @return the media type for this CSS ("print", "screen", etc.) + * @return the parameters for this CSS resource reference */ - public String getMedia() + public PageParameters getPageParameters() { - return media; + return pageParameters; } - /** - * @return the rel attribute content - */ - public String getRel() + @Override + public CrossOrigin getCrossOrigin() { - return rel; + return null; } - - /** - * @return the parameters for this CSS resource reference - */ - public PageParameters getPageParameters() + + @Override + public String getIntegrity() { - return pageParameters; + return null; } - + @Override public List<HeaderItem> getDependencies() { @@ -134,13 +129,13 @@ public class CssReferenceHeaderItem extends CssHeaderItem implements IReferenceH @Override public void render(Response response) { - internalRenderCSSReference(response, getUrl(), media, getRel()); + internalRenderCSSReference(response, getUrl()); } @Override public Iterable<?> getRenderTokens() { - return Arrays.asList("css-" + Strings.stripJSessionId(getUrl()) + "-" + media); + return Arrays.asList("css-" + Strings.stripJSessionId(getUrl()) + "-" + getMedia()); } @Override @@ -159,7 +154,7 @@ public class CssReferenceHeaderItem extends CssHeaderItem implements IReferenceH @Override public int hashCode() { - return Objects.hash(super.hashCode(), reference, media, pageParameters, rel); + return Objects.hash(super.hashCode(), reference, getMedia(), pageParameters, getRel()); } @Override 
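Review bot: The `getCrossOrigin()` and `getIntegrity()` overrides added in the first hunk always return null, yet the inherited `setCrossOrigin`/`setIntegrity` still store a value and `AbstractCssReferenceHeaderItem.internalRenderCSSReference` reads the fields directly, so a value set on this item is rendered into the link tag while the getter reports none. The JavaScript counterpart renders through the getters, so the two hierarchies behave differently for the same calls. Either remove the two overrides, or make the CSS render path call `getCrossOrigin()` and `getIntegrity()` so the override takes effect. If the overrides are placeholders, say so on them with a comment such as `// integrity and crossOrigin are not supported for resource references yet`.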
@@ -172,7 +167,7 @@ public class CssReferenceHeaderItem extends CssHeaderItem implements IReferenceH if (!super.equals(o)) return false; CssReferenceHeaderItem that = (CssReferenceHeaderItem)o; - return Objects.equals(reference, that.reference) && Objects.equals(media, that.media) && - Objects.equals(rel, that.rel) && Objects.equals(pageParameters, that.pageParameters); + return Objects.equals(reference, that.reference) && Objects.equals(getMedia(), that.getMedia()) && + Objects.equals(getRel(), that.getRel()) && Objects.equals(pageParameters, that.pageParameters); } } diff --git a/wicket-core/src/main/java/org/apache/wicket/markup/head/CssUrlReferenceHeaderItem.java b/wicket-core/src/main/java/org/apache/wicket/markup/head/CssUrlReferenceHeaderItem.java index 2b8de4b..5895b7b 100644 --- a/wicket-core/src/main/java/org/apache/wicket/markup/head/CssUrlReferenceHeaderItem.java +++ b/wicket-core/src/main/java/org/apache/wicket/markup/head/CssUrlReferenceHeaderItem.java @@ -29,13 +29,11 @@ import org.apache.wicket.request.cycle.RequestCycle; * * @author papegaaij */ -public class CssUrlReferenceHeaderItem extends CssHeaderItem +public class CssUrlReferenceHeaderItem extends AbstractCssReferenceHeaderItem { private static final long serialVersionUID = 1L; private final String url; - private final String media; - private final String rel; /** * Creates a new {@code CSSUrlReferenceHeaderItem}. @@ -49,9 +47,9 @@ public class CssUrlReferenceHeaderItem extends CssHeaderItem */ public CssUrlReferenceHeaderItem(String url, String media, String rel) { + super(media, rel); + this.url = url; - this.media = media; - this.rel = rel; } /** @@ -64,9 +62,9 @@ public class CssUrlReferenceHeaderItem extends CssHeaderItem */ public CssUrlReferenceHeaderItem(String url, String media) { + super(media, null); + this.url = url; - this.media = media; - this.rel = null; } /** 
@@ -77,34 +75,17 @@ public class CssUrlReferenceHeaderItem extends CssHeaderItem return url; } - /** - * @return the media type for this CSS ("print", "screen", etc.) - */ - public String getMedia() - { - return media; - } - - /** - * @return the rel attribute content - */ - public String getRel() - { - return rel; - } - @Override public void render(Response response) { - internalRenderCSSReference(response, - UrlUtils.rewriteToContextRelative(getUrl(), RequestCycle.get()), getMedia(), getRel()); + internalRenderCSSReference(response, UrlUtils.rewriteToContextRelative(getUrl(), RequestCycle.get())); } @Override public Iterable<?> getRenderTokens() { return Arrays.asList( - "css-" + UrlUtils.rewriteToContextRelative(getUrl(), RequestCycle.get()) + "-" + media); + "css-" + UrlUtils.rewriteToContextRelative(getUrl(), RequestCycle.get()) + "-" + getMedia()); } @Override @@ -116,7 +97,7 @@ public class CssUrlReferenceHeaderItem extends CssHeaderItem @Override public int hashCode() { - return Objects.hash(super.hashCode(), url, media, rel); + return Objects.hash(super.hashCode(), url, getMedia(), getRel()); } @Override @@ -129,7 +110,7 @@ public class CssUrlReferenceHeaderItem extends CssHeaderItem if (!super.equals(o)) return false; CssUrlReferenceHeaderItem that = (CssUrlReferenceHeaderItem)o; - return Objects.equals(url, that.url) && Objects.equals(media, that.media) && - Objects.equals(rel, that.rel); + return Objects.equals(url, that.url) && Objects.equals(getMedia(), that.getMedia()) && + Objects.equals(getRel(), that.getRel()); } } diff --git a/wicket-core/src/main/java/org/apache/wicket/markup/head/JavaScriptHeaderItem.java b/wicket-core/src/main/java/org/apache/wicket/markup/head/JavaScriptHeaderItem.java index 20e40fc..a32e525 100644 --- a/wicket-core/src/main/java/org/apache/wicket/markup/head/JavaScriptHeaderItem.java +++ b/wicket-core/src/main/java/org/apache/wicket/markup/head/JavaScriptHeaderItem.java 
@@ -186,23 +186,6 @@ public abstract class JavaScriptHeaderItem extends AbstractCspHeaderItem return new JavaScriptUrlReferenceHeaderItem(url, id, charset); } - protected final void internalRenderJavaScriptReference(Response response, String url, - String id, boolean defer, String charset, boolean async) - { - Args.notEmpty(url, "url"); - - AttributeMap attributes = new AttributeMap(); - attributes.putAttribute(JavaScriptUtils.ATTR_TYPE, "text/javascript"); - attributes.putAttribute(JavaScriptUtils.ATTR_ID, id); - attributes.putAttribute(JavaScriptUtils.ATTR_SCRIPT_DEFER, defer); - // XXX this attribute is not necessary for modern browsers - attributes.putAttribute("charset", charset); - attributes.putAttribute(JavaScriptUtils.ATTR_SCRIPT_ASYNC, async); - attributes.putAttribute(JavaScriptUtils.ATTR_SCRIPT_SRC, url); - attributes.putAttribute(JavaScriptUtils.ATTR_CSP_NONCE, getNonce()); - JavaScriptUtils.writeScript(response, attributes); - } - @Override public boolean equals(Object o) { diff --git a/wicket-core/src/main/java/org/apache/wicket/markup/head/JavaScriptReferenceHeaderItem.java b/wicket-core/src/main/java/org/apache/wicket/markup/head/JavaScriptReferenceHeaderItem.java index 5c8d42e..0ca3851 100644 --- a/wicket-core/src/main/java/org/apache/wicket/markup/head/JavaScriptReferenceHeaderItem.java +++ b/wicket-core/src/main/java/org/apache/wicket/markup/head/JavaScriptReferenceHeaderItem.java @@ -98,7 +98,7 @@ public class JavaScriptReferenceHeaderItem extends AbstractJavaScriptReferenceHe @Override public void render(Response response) { - internalRenderJavaScriptReference(response, getUrl(), getId(), isDefer(), getCharset(), isAsync()); + internalRenderJavaScriptReference(response, getUrl()); } @Override diff --git a/wicket-core/src/main/java/org/apache/wicket/markup/head/JavaScriptUrlReferenceHeaderItem.java b/wicket-core/src/main/java/org/apache/wicket/markup/head/JavaScriptUrlReferenceHeaderItem.java index 460978c..fff02b5 100644 
--- a/wicket-core/src/main/java/org/apache/wicket/markup/head/JavaScriptUrlReferenceHeaderItem.java +++ b/wicket-core/src/main/java/org/apache/wicket/markup/head/JavaScriptUrlReferenceHeaderItem.java @@ -65,8 +65,7 @@ public class JavaScriptUrlReferenceHeaderItem extends AbstractJavaScriptReferenc public void render(Response response) { internalRenderJavaScriptReference(response, - UrlUtils.rewriteToContextRelative(getUrl(), RequestCycle.get()), getId(), isDefer(), - getCharset(), isAsync()); + UrlUtils.rewriteToContextRelative(getUrl(), RequestCycle.get())); } @Override