[ https://issues.apache.org/jira/browse/WICKET-7096?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17808078#comment-17808078 ]
ASF GitHub Bot commented on WICKET-7096: ---------------------------------------- martin-g merged PR #768: URL: https://github.com/apache/wicket/pull/768 > stylesheets referenced via automatic linking miss nonce attribute > ----------------------------------------------------------------- > > Key: WICKET-7096 > URL: https://issues.apache.org/jira/browse/WICKET-7096 > Project: Wicket > Issue Type: Bug > Components: wicket-core > Affects Versions: 10.0.0-M2 > Reporter: Sebastian T > Priority: Major > > I am running a Wicket App with: > {code:java} > getCspSettings().blocking(); > getMarkupSettings().setAutomaticLinking(true); > {code} > I have a base.css file in the same folder as the Wicket page and add it to > html like this: > {code:html} > <link rel="stylesheet" href="base.css" type="text/css" /> > {code} > This is rendered by wicket to > {code:html} > <link rel="stylesheet" > href="./wicket/resource/com.example.MyPage/base-ver-1705259207805.css" > type="text/css" data-wicket-path="html___autolink__-1754779463"/> > {code} > This result in: > {noformat} > Content-Security-Policy: The page’s settings blocked the loading of a > resource at > http://localhost:8080/wicket/resource/com.example.MyPage/base-ver-1705259207805.css > (“style-src”). > {noformat} > ----------------- > If I however add the stylesheet programmatically like this: > {code:java} > public void renderHead(final IHeaderResponse response) { > super.renderHead(response); > response.render(CssHeaderItem.forReference(new > CssResourceReference(MyPage.class, "base.css"))); > } > {code} > the required nonce is added as expected: > {code:html} > <link rel="stylesheet" > href="./wicket/resource/com.example.MyPage/base-ver-1705259207805.css" > type="text/css" nonce="Fkg6q7ZOaX_uLN6aFESVwZVM" /> > {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)