Martin Tzvetanov Grigorov created WICKET-7149:
-------------------------------------------------
Summary: Add Integrity and CrossOrigin values to ResourceReference
and related code
Key: WICKET-7149
URL: https://issues.apache.org/jira/browse/WICKET-7149
Project: Wicket
Issue Type: Improvement
Components: wicket
Affects Versions: 10.4.0
Reporter: Martin Tzvetanov Grigorov
>From https://github.com/apache/wicket/pull/1102
*Synopsis*
Added two new variables to the ResourceReference class. Added code to use these
values in both the JavaScriptReferenceHeaderItem and CssReferenceHeaderItem
classes. Also fixed a bug with the AbstractCssReferenceHeaderItem class where
it was directly accessing the identity and crossOrigin values directly instead
of going through accessor methods.
{*}In-depth Detail{*}:
It is easy to create the integrity and cross origin values needed when the we
have the control over the creation of the JavaScriptHeaderItem or
CssReferenceHeaderItem. It becomes much more difficult when there are resources
that are created and then stored in wicket framework classes (whether resource
references are framework or user created), because these resources are used
later by the framework when it does the actual creation of the header items
(i.e. like JavaScriptHeaderItem.forReference()).
Supporting scenario...try setting the integrity hash for the
"wicket-ajax-jquery.js" file which is referenced from the
wicket-core-10.1.0.jar. This resource is created initially through the
WicketAjaxJQueryResourceReference class and used in the
JavaScriptLibrarySettings class. The call getWicketAjaxReference() inside the
JavaScriptLibrarySettings is used by the framework in various places, and those
places create the actual JavaScriptReferenceHeaderItem (see
OnDomReadyHeaderItem.getDependencies() as an example). While it is possible to
extend a few framework classes to overwrite the default behavior and create the
JavaScriptReferenceHeaderItem directly and add the desired hash and
cross-origin values, that method is not a desirable or maintainable.
By adding integrity and cross-origin variables to the definition of a
ResourceReference class, those values can then be used in the rendering of the
JavaScriptReferenceHeaderItem through overriding the getIntegrity() and
getCrossOrigin() functions. If the header item's integrity value was not
defined (i.e. null) then use the value defined from the ResourceReference (the
same goes for the cross origin value).
It was also noticed that the AbstractCssReferenceHeaderItem's
internalRenderCSSReference() function was not correctly referencing the
integrity and cross origin values by directly accessing the values rather than
using the accessor methods. Changes were made to this class to correctly use
the accessor methods.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
