This is an automated email from the ASF dual-hosted git repository. svenmeier pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/wicket.git
commit 89ff73180766cbeb778f3c7b9f559cfb0df38436
Author: Sven Meier <svenme...@apache.org>
AuthorDate: Mon Mar 16 20:07:50 2020 +0100
WICKET-6747 moved pageRender filter to settings, so it is easier to adjust
---
.../apache/wicket/csp/CSPRequestCycleListener.java | 13 ++++--------
.../wicket/csp/ContentSecurityPolicySettings.java | 24 +++++++++++-----------
2 files changed, 16 insertions(+), 21 deletions(-)
diff --git a/wicket-core/src/main/java/org/apache/wicket/csp/CSPRequestCycleListener.java b/wicket-core/src/main/java/org/apache/wicket/csp/CSPRequestCycleListener.java
index 3250174..c245b78 100644
--- a/wicket-core/src/main/java/org/apache/wicket/csp/CSPRequestCycleListener.java
+++ b/wicket-core/src/main/java/org/apache/wicket/csp/CSPRequestCycleListener.java
@@ -16,8 +16,6 @@ */ package org.apache.wicket.csp; -import org.apache.wicket.core.request.handler.IPageClassRequestHandler; -import org.apache.wicket.core.request.handler.RenderPageRequestHandler; import org.apache.wicket.request.IRequestHandler; import org.apache.wicket.request.IRequestHandlerDelegate; import org.apache.wicket.request.cycle.IRequestCycleListener;
@@ -28,7 +26,7 @@ import org.apache.wicket.request.http.WebResponse; * An {@link IRequestCycleListener} that adds {@code Content-Security-Policy} and/or * {@code Content-Security-Policy-Report-Only} headers based on the supplied configuration. * - * @author Sven Haster + * @author Sven Hasters * @author Emond Papegaaij */ public class CSPRequestCycleListener implements IRequestCycleListener
@@ -73,7 +71,7 @@ public class CSPRequestCycleListener implements IRequestCycleListener * @param handler * handler * @return <code>true</code> if must protected - * @see ContentSecurityPolicySettings#mustProtectPageRequest(IPageClassRequestHandler) + * @see ContentSecurityPolicySettings#mustProtectRequest(IRequestHandler) */ protected boolean mustProtect(IRequestHandler handler) {
@@ -81,11 +79,8 @@ public class CSPRequestCycleListener implements IRequestCycleListener { return mustProtect(((IRequestHandlerDelegate)handler).getDelegateHandler()); } - if (handler instanceof RenderPageRequestHandler) - { - return settings.mustProtectPageRequest((RenderPageRequestHandler)handler); - } - return false; + + return settings.mustProtectRequest(handler); } }
diff --git a/wicket-core/src/main/java/org/apache/wicket/csp/ContentSecurityPolicySettings.java b/wicket-core/src/main/java/org/apache/wicket/csp/ContentSecurityPolicySettings.java
index edf6dc5..a768055 100644
--- a/wicket-core/src/main/java/org/apache/wicket/csp/ContentSecurityPolicySettings.java
+++ b/wicket-core/src/main/java/org/apache/wicket/csp/ContentSecurityPolicySettings.java
@@ -24,8 +24,8 @@ import java.util.function.Predicate; import org.apache.wicket.Application; import org.apache.wicket.MetaDataKey; import org.apache.wicket.Page; -import org.apache.wicket.core.request.handler.IPageClassRequestHandler; import org.apache.wicket.core.request.handler.IPageRequestHandler; +import org.apache.wicket.core.request.handler.RenderPageRequestHandler; import org.apache.wicket.protocol.http.WebApplication; import org.apache.wicket.request.IRequestHandler; import org.apache.wicket.request.cycle.RequestCycle;
@@ -70,7 +70,7 @@ public class ContentSecurityPolicySettings private final Map<CSPHeaderMode, CSPHeaderConfiguration> configs = new EnumMap<>( CSPHeaderMode.class); - private Predicate<IPageClassRequestHandler> protectedPageFilter = handler -> true; + private Predicate<IRequestHandler> protectedFilter = RenderPageRequestHandler.class::isInstance; public ContentSecurityPolicySettings(Application application) {
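Review bot: With the `instanceof RenderPageRequestHandler` guard removed from `mustProtect`, a predicate installed through `setProtectedFilter` (the `@@ -90,31 +90,31 @@` hunk in ContentSecurityPolicySettings.java) now replaces the render-page restriction instead of narrowing it, because that restriction lives only in the default value `RenderPageRequestHandler.class::isInstance` (the `@@ -70,7 +70,7 @@` hunk). A custom predicate is therefore handed every handler this listener passes to `mustProtect`, including whatever `getDelegateHandler()` returns, and has to do its own type check before touching page-specific state. Neither the setter's Javadoc nor this method's says so; I would add to the setter something like `* The filter replaces the default, which protects only {@link RenderPageRequestHandler}s; use {@link Predicate#and} on that default to keep the restriction.` The start of `mustProtect` lies outside this hunk.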
@@ -90,31 +90,31 @@ public class ContentSecurityPolicySettings /** * Sets the predicate that determines which requests must be protected by the CSP. When the - * predicate evaluates to false, the request for the page will not be protected. + * predicate evaluates to false, the request will not be protected. * - * @param protectedPageFilter + * @param protectedFilter * The new filter, must not be null. * @return {@code this} for chaining. */ - public ContentSecurityPolicySettings setProtectedPageFilter( - Predicate<IPageClassRequestHandler> protectedPageFilter) + public ContentSecurityPolicySettings setProtectedFilter( + Predicate<IRequestHandler> protectedFilter) { - Args.notNull(protectedPageFilter, "protectedPageFilter"); - this.protectedPageFilter = protectedPageFilter; + Args.notNull(protectedFilter, "protectedFilter"); + this.protectedFilter = protectedFilter; return this; } /** - * Should any request to the given page be protected by CSP. + * Should any request be protected by CSP. * * @param handler * @return <code>true</code> by default * - * @see #setProtectedPageFilter(Predicate) + * @see #setProtectedFilter(Predicate) */ - protected boolean mustProtectPageRequest(IPageClassRequestHandler handler) + protected boolean mustProtectRequest(IRequestHandler handler) { - return protectedPageFilter.test(handler); + return protectedFilter.test(handler); } /**
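Review bot: The Javadoc kept on `mustProtectRequest` still reads `@return <code>true</code> by default`, which no longer matches the new default `RenderPageRequestHandler.class::isInstance`: by default the method is true only for render-page handlers and false for everything else. Because this return value decides whether a response carries the CSP headers, the contract should be stated exactly, e.g. `@return {@code true} if the CSP headers must be added for this handler; by default only for {@link RenderPageRequestHandler}`, and the bare `@param handler` should get a description. Separately, the public `setProtectedPageFilter(Predicate<IPageClassRequestHandler>)` is renamed and retyped with no deprecated bridge, which looks source-incompatible for existing callers; worth confirming that is acceptable for this release.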