This is an automated email from the ASF dual-hosted git repository.
svenmeier pushed a commit to branch WICKET-6321-cross-origin-integrity
in repository https://gitbox.apache.org/repos/asf/wicket.git
commit b41c6b8934607cf7f64c90a125cf746a11ab5eac
Author: Sven Meier <svenme...@apache.org>
AuthorDate: Mon Dec 9 19:44:08 2019 +0100
WICKET-6321 crossOrigin and integrity for reference
---
.../apache/wicket/core/util/string/CssUtils.java | 2 +
.../wicket/core/util/string/JavaScriptUtils.java | 2 +
.../head/AbstractCssReferenceHeaderItem.java | 118 +++++++++++++++++++++
.../AbstractJavaScriptReferenceHeaderItem.java | 51 ++++++++-
.../apache/wicket/markup/head/CssHeaderItem.java | 17 +--
.../wicket/markup/head/CssReferenceHeaderItem.java | 49 ++++-----
.../markup/head/CssUrlReferenceHeaderItem.java | 39 ++-----
.../wicket/markup/head/JavaScriptHeaderItem.java | 17 ---
.../markup/head/JavaScriptReferenceHeaderItem.java | 2 +-
.../head/JavaScriptUrlReferenceHeaderItem.java | 3 +-
10 files changed, 206 insertions(+), 94 deletions(-)
diff --git
a/wicket-core/src/main/java/org/apache/wicket/core/util/string/CssUtils.java
b/wicket-core/src/main/java/org/apache/wicket/core/util/string/CssUtils.java
index 521decf..7a69547 100644
--- a/wicket-core/src/main/java/org/apache/wicket/core/util/string/CssUtils.java
+++ b/wicket-core/src/main/java/org/apache/wicket/core/util/string/CssUtils.java
@@ -44,6 +44,8 @@ public final class CssUtils
public static final String ATTR_LINK_MEDIA = "media";
public static final String ATTR_LINK_REL = "rel";
public static final String ATTR_CSP_NONCE = "nonce";
+ public static final String ATTR_CROSS_ORIGIN = "crossOrigin";
+ public static final String ATTR_INTEGRITY = "integrity";
/**
* Hidden constructor.
diff --git
a/wicket-core/src/main/java/org/apache/wicket/core/util/string/JavaScriptUtils.java
b/wicket-core/src/main/java/org/apache/wicket/core/util/string/JavaScriptUtils.java
index 08b6a22..4038fe5 100644
---
a/wicket-core/src/main/java/org/apache/wicket/core/util/string/JavaScriptUtils.java
+++
b/wicket-core/src/main/java/org/apache/wicket/core/util/string/JavaScriptUtils.java
@@ -52,6 +52,8 @@ public class JavaScriptUtils
public static final String ATTR_SCRIPT_DEFER = "defer";
public static final String ATTR_SCRIPT_ASYNC = "async";
public static final String ATTR_CSP_NONCE = "nonce";
+ public static final String ATTR_CROSS_ORIGIN = "crossOrigin";
+ public static final String ATTR_INTEGRITY = "integrity";
/** The response object */
private final Response response;
diff --git
a/wicket-core/src/main/java/org/apache/wicket/markup/head/AbstractCssReferenceHeaderItem.java
b/wicket-core/src/main/java/org/apache/wicket/markup/head/AbstractCssReferenceHeaderItem.java
new file mode 100644
index 0000000..0ae4f79
--- /dev/null
+++
b/wicket-core/src/main/java/org/apache/wicket/markup/head/AbstractCssReferenceHeaderItem.java
@@ -0,0 +1,118 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.wicket.markup.head;
+
+import java.util.Objects;
+
+import org.apache.wicket.core.util.string.CssUtils;
+import org.apache.wicket.markup.html.CrossOrigin;
+import org.apache.wicket.request.Response;
+import org.apache.wicket.util.lang.Args;
+import org.apache.wicket.util.value.AttributeMap;
+
+/**
+ * A {@link org.apache.wicket.markup.head.HeaderItem} that renders a CSS
reference.
+ */
+public abstract class AbstractCssReferenceHeaderItem extends CssHeaderItem
+{
+ private final String media;
+ private final String rel;
+ private CrossOrigin crossOrigin;
+ private String integrity;
+
+ public AbstractCssReferenceHeaderItem(String media, String rel)
+ {
+ this.media = media;
+ this.rel = rel;
+ }
+
+ public CrossOrigin getCrossOrigin()
+ {
+ return crossOrigin;
+ }
+
+ public AbstractCssReferenceHeaderItem setCrossOrigin(CrossOrigin
crossOrigin)
+ {
+ this.crossOrigin = crossOrigin;
+ return this;
+ }
+
+ /**
+ * @return the media type for this CSS ("print", "screen", etc.)
+ */
+ public String getMedia()
+ {
+ return media;
+ }
+
+ /**
+ * @return the rel attribute content
+ */
+ public String getRel()
+ {
+ return rel;
+ }
+
+ public String getIntegrity()
+ {
+ return integrity;
+ }
+
+ public AbstractCssReferenceHeaderItem setIntegrity(String integrity)
+ {
+ this.integrity = integrity;
+ return this;
+ }
+
+ protected final void internalRenderCSSReference(Response response,
String url)
+ {
+ Args.notEmpty(url, "url");
+
+ AttributeMap attributes = new AttributeMap();
+ attributes.putAttribute(CssUtils.ATTR_LINK_REL, getRel() ==
null ? "stylesheet" : getRel());
+ attributes.putAttribute(CssUtils.ATTR_TYPE, "text/css");
+ attributes.putAttribute(CssUtils.ATTR_LINK_HREF, url);
+ attributes.putAttribute(CssUtils.ATTR_ID, getId());
+ attributes.putAttribute(CssUtils.ATTR_LINK_MEDIA, getMedia());
+ attributes.putAttribute(CssUtils.ATTR_CROSS_ORIGIN,
+ crossOrigin == null ? null : crossOrigin.getRealName());
+ attributes.putAttribute(CssUtils.ATTR_INTEGRITY, integrity);
+ attributes.putAttribute(CssUtils.ATTR_CSP_NONCE, getNonce());
+ CssUtils.writeLink(response, attributes);
+
+ response.write("\n");
+ }
+
+
+ @Override
+ public boolean equals(Object o)
+ {
+ if (this == o)
+ return true;
+ if (o == null || getClass() != o.getClass())
+ return false;
+ AbstractCssReferenceHeaderItem that =
(AbstractCssReferenceHeaderItem)o;
+ return Objects.equals(integrity, that.integrity)
+ && Objects.equals(crossOrigin, that.crossOrigin);
+ }
+
+ @Override
+ public int hashCode()
+ {
+ return Objects.hash(integrity, crossOrigin);
+ }
+}
diff --git
a/wicket-core/src/main/java/org/apache/wicket/markup/head/AbstractJavaScriptReferenceHeaderItem.java
b/wicket-core/src/main/java/org/apache/wicket/markup/head/AbstractJavaScriptReferenceHeaderItem.java
index 136cb24..d91ac6f 100644
---
a/wicket-core/src/main/java/org/apache/wicket/markup/head/AbstractJavaScriptReferenceHeaderItem.java
+++
b/wicket-core/src/main/java/org/apache/wicket/markup/head/AbstractJavaScriptReferenceHeaderItem.java
@@ -18,15 +18,22 @@ package org.apache.wicket.markup.head;
import java.util.Objects;
+import org.apache.wicket.core.util.string.JavaScriptUtils;
+import org.apache.wicket.markup.html.CrossOrigin;
+import org.apache.wicket.request.Response;
+import org.apache.wicket.util.lang.Args;
+import org.apache.wicket.util.value.AttributeMap;
+
/**
- * A {@link org.apache.wicket.markup.head.HeaderItem} that supports
<em>async</em>,
- * <em>defer</em> and <em>charset</em> attributes
+ * A {@link org.apache.wicket.markup.head.HeaderItem} that renders a
JavaScript reference.
*/
public abstract class AbstractJavaScriptReferenceHeaderItem extends
JavaScriptHeaderItem
{
private boolean async;
private boolean defer;
private String charset;
+ private CrossOrigin crossOrigin;
+ private String integrity;
/**
* Constructor.
@@ -84,6 +91,46 @@ public abstract class AbstractJavaScriptReferenceHeaderItem
extends JavaScriptHe
return this;
}
+ public CrossOrigin getCrossOrigin()
+ {
+ return crossOrigin;
+ }
+
+ public AbstractJavaScriptReferenceHeaderItem setCrossOrigin(CrossOrigin
crossOrigin)
+ {
+ this.crossOrigin = crossOrigin;
+ return this;
+ }
+
+ public String getIntegrity()
+ {
+ return integrity;
+ }
+
+ public AbstractJavaScriptReferenceHeaderItem setIntegrity(String
integrity)
+ {
+ this.integrity = integrity;
+ return this;
+ }
+
+ protected final void internalRenderJavaScriptReference(Response
response, String url)
+ {
+ Args.notEmpty(url, "url");
+
+ AttributeMap attributes = new AttributeMap();
+ attributes.putAttribute(JavaScriptUtils.ATTR_TYPE,
"text/javascript");
+ attributes.putAttribute(JavaScriptUtils.ATTR_ID, getId());
+ attributes.putAttribute(JavaScriptUtils.ATTR_SCRIPT_DEFER,
defer);
+ // XXX this attribute is not necessary for modern browsers
+ attributes.putAttribute("charset", charset);
+ attributes.putAttribute(JavaScriptUtils.ATTR_SCRIPT_ASYNC,
async);
+ attributes.putAttribute(JavaScriptUtils.ATTR_SCRIPT_SRC, url);
+ attributes.putAttribute(JavaScriptUtils.ATTR_CSP_NONCE,
getNonce());
+ attributes.putAttribute(JavaScriptUtils.ATTR_CROSS_ORIGIN,
getCrossOrigin() == null ? null : getCrossOrigin().getRealName());
+ attributes.putAttribute(JavaScriptUtils.ATTR_INTEGRITY,
getIntegrity());
+ JavaScriptUtils.writeScript(response, attributes);
+ }
+
@Override
public boolean equals(Object o)
{
diff --git
a/wicket-core/src/main/java/org/apache/wicket/markup/head/CssHeaderItem.java
b/wicket-core/src/main/java/org/apache/wicket/markup/head/CssHeaderItem.java
index 459a56d..d79fe6b 100644
--- a/wicket-core/src/main/java/org/apache/wicket/markup/head/CssHeaderItem.java
+++ b/wicket-core/src/main/java/org/apache/wicket/markup/head/CssHeaderItem.java
@@ -19,6 +19,7 @@ package org.apache.wicket.markup.head;
import java.util.Objects;
import org.apache.wicket.core.util.string.CssUtils;
+import org.apache.wicket.markup.html.CrossOrigin;
import org.apache.wicket.request.Response;
import org.apache.wicket.request.mapper.parameter.PageParameters;
import org.apache.wicket.request.resource.ResourceReference;
@@ -204,22 +205,6 @@ public abstract class CssHeaderItem extends
AbstractCspHeaderItem
return new CssUrlReferenceHeaderItem(url, media, rel);
}
- protected final void internalRenderCSSReference(Response response,
String url, String media, String rel)
- {
- Args.notEmpty(url, "url");
-
- AttributeMap attributes = new AttributeMap();
- attributes.putAttribute(CssUtils.ATTR_LINK_REL, rel == null ?
"stylesheet" : rel);
- attributes.putAttribute(CssUtils.ATTR_TYPE, "text/css");
- attributes.putAttribute(CssUtils.ATTR_LINK_HREF, url);
- attributes.putAttribute(CssUtils.ATTR_ID, getId());
- attributes.putAttribute(CssUtils.ATTR_LINK_MEDIA, media);
- attributes.putAttribute(CssUtils.ATTR_CSP_NONCE, getNonce());
- CssUtils.writeLink(response, attributes);
-
- response.write("\n");
- }
-
@Override
public boolean equals(Object o)
{
diff --git
a/wicket-core/src/main/java/org/apache/wicket/markup/head/CssReferenceHeaderItem.java
b/wicket-core/src/main/java/org/apache/wicket/markup/head/CssReferenceHeaderItem.java
index 758460d..f26ccc3 100644
---
a/wicket-core/src/main/java/org/apache/wicket/markup/head/CssReferenceHeaderItem.java
+++
b/wicket-core/src/main/java/org/apache/wicket/markup/head/CssReferenceHeaderItem.java
@@ -20,6 +20,7 @@ import java.util.Arrays;
import java.util.List;
import java.util.Objects;
+import org.apache.wicket.markup.html.CrossOrigin;
import org.apache.wicket.request.IRequestHandler;
import org.apache.wicket.request.Response;
import org.apache.wicket.request.cycle.RequestCycle;
@@ -34,14 +35,12 @@ import org.apache.wicket.util.string.Strings;
*
* @author papegaaij
*/
-public class CssReferenceHeaderItem extends CssHeaderItem implements
IReferenceHeaderItem
+public class CssReferenceHeaderItem extends AbstractCssReferenceHeaderItem
implements IReferenceHeaderItem
{
private static final long serialVersionUID = 1L;
private final ResourceReference reference;
- private final String media;
private final PageParameters pageParameters;
- private final String rel;
/**
* Creates a new {@code CSSReferenceHeaderItem}.
@@ -56,10 +55,10 @@ public class CssReferenceHeaderItem extends CssHeaderItem
implements IReferenceH
public CssReferenceHeaderItem(ResourceReference reference,
PageParameters pageParameters,
String media)
{
+ super(media, null);
+
this.reference = reference;
this.pageParameters = pageParameters;
- this.media = media;
- this.rel = null;
}
/**
@@ -77,10 +76,10 @@ public class CssReferenceHeaderItem extends CssHeaderItem
implements IReferenceH
public CssReferenceHeaderItem(ResourceReference reference,
PageParameters pageParameters,
String media, String rel)
{
+ super(media, rel);
+
this.reference = reference;
this.pageParameters = pageParameters;
- this.media = media;
- this.rel = rel;
}
/**
@@ -94,29 +93,25 @@ public class CssReferenceHeaderItem extends CssHeaderItem
implements IReferenceH
}
/**
- * @return the media type for this CSS ("print", "screen", etc.)
+ * @return the parameters for this CSS resource reference
*/
- public String getMedia()
+ public PageParameters getPageParameters()
{
- return media;
+ return pageParameters;
}
- /**
- * @return the rel attribute content
- */
- public String getRel()
+ @Override
+ public CrossOrigin getCrossOrigin()
{
- return rel;
+ return null;
}
-
- /**
- * @return the parameters for this CSS resource reference
- */
- public PageParameters getPageParameters()
+
+ @Override
+ public String getIntegrity()
{
- return pageParameters;
+ return null;
}
-
+
@Override
public List<HeaderItem> getDependencies()
{
@@ -134,13 +129,13 @@ public class CssReferenceHeaderItem extends CssHeaderItem
implements IReferenceH
@Override
public void render(Response response)
{
- internalRenderCSSReference(response, getUrl(), media, getRel());
+ internalRenderCSSReference(response, getUrl());
}
@Override
public Iterable<?> getRenderTokens()
{
- return Arrays.asList("css-" + Strings.stripJSessionId(getUrl())
+ "-" + media);
+ return Arrays.asList("css-" + Strings.stripJSessionId(getUrl())
+ "-" + getMedia());
}
@Override
@@ -159,7 +154,7 @@ public class CssReferenceHeaderItem extends CssHeaderItem
implements IReferenceH
@Override
public int hashCode()
{
- return Objects.hash(super.hashCode(), reference, media,
pageParameters, rel);
+ return Objects.hash(super.hashCode(), reference, getMedia(),
pageParameters, getRel());
}
@Override
@@ -172,7 +167,7 @@ public class CssReferenceHeaderItem extends CssHeaderItem
implements IReferenceH
if (!super.equals(o))
return false;
CssReferenceHeaderItem that = (CssReferenceHeaderItem)o;
- return Objects.equals(reference, that.reference) &&
Objects.equals(media, that.media) &&
- Objects.equals(rel, that.rel) &&
Objects.equals(pageParameters, that.pageParameters);
+ return Objects.equals(reference, that.reference) &&
Objects.equals(getMedia(), that.getMedia()) &&
+ Objects.equals(getRel(), that.getRel()) &&
Objects.equals(pageParameters, that.pageParameters);
}
}
diff --git
a/wicket-core/src/main/java/org/apache/wicket/markup/head/CssUrlReferenceHeaderItem.java
b/wicket-core/src/main/java/org/apache/wicket/markup/head/CssUrlReferenceHeaderItem.java
index 2b8de4b..5895b7b 100644
---
a/wicket-core/src/main/java/org/apache/wicket/markup/head/CssUrlReferenceHeaderItem.java
+++
b/wicket-core/src/main/java/org/apache/wicket/markup/head/CssUrlReferenceHeaderItem.java
@@ -29,13 +29,11 @@ import org.apache.wicket.request.cycle.RequestCycle;
*
* @author papegaaij
*/
-public class CssUrlReferenceHeaderItem extends CssHeaderItem
+public class CssUrlReferenceHeaderItem extends AbstractCssReferenceHeaderItem
{
private static final long serialVersionUID = 1L;
private final String url;
- private final String media;
- private final String rel;
/**
* Creates a new {@code CSSUrlReferenceHeaderItem}.
@@ -49,9 +47,9 @@ public class CssUrlReferenceHeaderItem extends CssHeaderItem
*/
public CssUrlReferenceHeaderItem(String url, String media, String rel)
{
+ super(media, rel);
+
this.url = url;
- this.media = media;
- this.rel = rel;
}
/**
@@ -64,9 +62,9 @@ public class CssUrlReferenceHeaderItem extends CssHeaderItem
*/
public CssUrlReferenceHeaderItem(String url, String media)
{
+ super(media, null);
+
this.url = url;
- this.media = media;
- this.rel = null;
}
/**
@@ -77,34 +75,17 @@ public class CssUrlReferenceHeaderItem extends CssHeaderItem
return url;
}
- /**
- * @return the media type for this CSS ("print", "screen", etc.)
- */
- public String getMedia()
- {
- return media;
- }
-
- /**
- * @return the rel attribute content
- */
- public String getRel()
- {
- return rel;
- }
-
@Override
public void render(Response response)
{
- internalRenderCSSReference(response,
- UrlUtils.rewriteToContextRelative(getUrl(),
RequestCycle.get()), getMedia(), getRel());
+ internalRenderCSSReference(response,
UrlUtils.rewriteToContextRelative(getUrl(), RequestCycle.get()));
}
@Override
public Iterable<?> getRenderTokens()
{
return Arrays.asList(
- "css-" + UrlUtils.rewriteToContextRelative(getUrl(),
RequestCycle.get()) + "-" + media);
+ "css-" + UrlUtils.rewriteToContextRelative(getUrl(),
RequestCycle.get()) + "-" + getMedia());
}
@Override
@@ -116,7 +97,7 @@ public class CssUrlReferenceHeaderItem extends CssHeaderItem
@Override
public int hashCode()
{
- return Objects.hash(super.hashCode(), url, media, rel);
+ return Objects.hash(super.hashCode(), url, getMedia(),
getRel());
}
@Override
@@ -129,7 +110,7 @@ public class CssUrlReferenceHeaderItem extends CssHeaderItem
if (!super.equals(o))
return false;
CssUrlReferenceHeaderItem that = (CssUrlReferenceHeaderItem)o;
- return Objects.equals(url, that.url) && Objects.equals(media,
that.media) &&
- Objects.equals(rel, that.rel);
+ return Objects.equals(url, that.url) &&
Objects.equals(getMedia(), that.getMedia()) &&
+ Objects.equals(getRel(), that.getRel());
}
}
diff --git
a/wicket-core/src/main/java/org/apache/wicket/markup/head/JavaScriptHeaderItem.java
b/wicket-core/src/main/java/org/apache/wicket/markup/head/JavaScriptHeaderItem.java
index 20e40fc..a32e525 100644
---
a/wicket-core/src/main/java/org/apache/wicket/markup/head/JavaScriptHeaderItem.java
+++
b/wicket-core/src/main/java/org/apache/wicket/markup/head/JavaScriptHeaderItem.java
@@ -186,23 +186,6 @@ public abstract class JavaScriptHeaderItem extends
AbstractCspHeaderItem
return new JavaScriptUrlReferenceHeaderItem(url, id, charset);
}
- protected final void internalRenderJavaScriptReference(Response
response, String url,
- String id, boolean defer, String charset, boolean async)
- {
- Args.notEmpty(url, "url");
-
- AttributeMap attributes = new AttributeMap();
- attributes.putAttribute(JavaScriptUtils.ATTR_TYPE,
"text/javascript");
- attributes.putAttribute(JavaScriptUtils.ATTR_ID, id);
- attributes.putAttribute(JavaScriptUtils.ATTR_SCRIPT_DEFER,
defer);
- // XXX this attribute is not necessary for modern browsers
- attributes.putAttribute("charset", charset);
- attributes.putAttribute(JavaScriptUtils.ATTR_SCRIPT_ASYNC,
async);
- attributes.putAttribute(JavaScriptUtils.ATTR_SCRIPT_SRC, url);
- attributes.putAttribute(JavaScriptUtils.ATTR_CSP_NONCE,
getNonce());
- JavaScriptUtils.writeScript(response, attributes);
- }
-
@Override
public boolean equals(Object o)
{
diff --git
a/wicket-core/src/main/java/org/apache/wicket/markup/head/JavaScriptReferenceHeaderItem.java
b/wicket-core/src/main/java/org/apache/wicket/markup/head/JavaScriptReferenceHeaderItem.java
index 5c8d42e..0ca3851 100644
---
a/wicket-core/src/main/java/org/apache/wicket/markup/head/JavaScriptReferenceHeaderItem.java
+++
b/wicket-core/src/main/java/org/apache/wicket/markup/head/JavaScriptReferenceHeaderItem.java
@@ -98,7 +98,7 @@ public class JavaScriptReferenceHeaderItem extends
AbstractJavaScriptReferenceHe
@Override
public void render(Response response)
{
- internalRenderJavaScriptReference(response, getUrl(), getId(),
isDefer(), getCharset(), isAsync());
+ internalRenderJavaScriptReference(response, getUrl());
}
@Override
diff --git
a/wicket-core/src/main/java/org/apache/wicket/markup/head/JavaScriptUrlReferenceHeaderItem.java
b/wicket-core/src/main/java/org/apache/wicket/markup/head/JavaScriptUrlReferenceHeaderItem.java
index 460978c..fff02b5 100644
---
a/wicket-core/src/main/java/org/apache/wicket/markup/head/JavaScriptUrlReferenceHeaderItem.java
+++
b/wicket-core/src/main/java/org/apache/wicket/markup/head/JavaScriptUrlReferenceHeaderItem.java
@@ -65,8 +65,7 @@ public class JavaScriptUrlReferenceHeaderItem extends
AbstractJavaScriptReferenc
public void render(Response response)
{
internalRenderJavaScriptReference(response,
- UrlUtils.rewriteToContextRelative(getUrl(),
RequestCycle.get()), getId(), isDefer(),
- getCharset(), isAsync());
+ UrlUtils.rewriteToContextRelative(getUrl(),
RequestCycle.get()));
}
@Override
