[
https://issues.apache.org/jira/browse/WICKET-7096?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17808078#comment-17808078
]
ASF GitHub Bot commented on WICKET-7096:
----------------------------------------
martin-g merged PR #768:
URL: https://github.com/apache/wicket/pull/768
> stylesheets referenced via automatic linking miss nonce attribute
> -----------------------------------------------------------------
>
> Key: WICKET-7096
> URL: https://issues.apache.org/jira/browse/WICKET-7096
> Project: Wicket
> Issue Type: Bug
> Components: wicket-core
> Affects Versions: 10.0.0-M2
> Reporter: Sebastian T
> Priority: Major
>
> I am running a Wicket App with:
> {code:java}
> getCspSettings().blocking();
> getMarkupSettings().setAutomaticLinking(true);
> {code}
> I have a base.css file in the same folder as the Wicket page and add it to
> html like this:
> {code:html}
> <link rel="stylesheet" href="base.css" type="text/css" />
> {code}
> This is rendered by wicket to
> {code:html}
> <link rel="stylesheet"
> href="./wicket/resource/com.example.MyPage/base-ver-1705259207805.css"
> type="text/css" data-wicket-path="html___autolink__-1754779463"/>
> {code}
> This result in:
> {noformat}
> Content-Security-Policy: The page’s settings blocked the loading of a
> resource at
> http://localhost:8080/wicket/resource/com.example.MyPage/base-ver-1705259207805.css
> (“style-src”).
> {noformat}
> -----------------
> If I however add the stylesheet programmatically like this:
> {code:java}
> public void renderHead(final IHeaderResponse response) {
> super.renderHead(response);
> response.render(CssHeaderItem.forReference(new
> CssResourceReference(MyPage.class, "base.css")));
> }
> {code}
> the required nonce is added as expected:
> {code:html}
> <link rel="stylesheet"
> href="./wicket/resource/com.example.MyPage/base-ver-1705259207805.css"
> type="text/css" nonce="Fkg6q7ZOaX_uLN6aFESVwZVM" />
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
