Thanks, Emond! @Maxim: since you started using Wicket 9.x Bootstrap 4.x recently: do you use it with CSP enabled ?
On Thu, Feb 27, 2020 at 3:17 PM Emond Papegaaij <emond.papega...@gmail.com> wrote: > Hi Martin and Sebastien, > > I see no need for checking if CSP is enabled or not. It is not hard to > write your code to comply to even the strictest CSP. If it works with > the strict CSP, it will also work when CSP is disabled or with a less > strict CSP. Simply follow the few rules explained in the user guide. > Note that if your library needs to check if a nonce is required, this > is already supported, see > ContentSecurityPolicyEnforcer.isNonceEnabled(). > > Our application uses WiQuery and several other frameworks, and I only > had to make minor changes to make this application fully compliant > with the strict CSP. No changes were required to WiQuery. A small > change is required to the ChartJS library we use > (https://github.com/haster/java-chartjs) because ChartJS tries to > insert a stylesheet into the head. This stylesheet has to be rendered > via Wicket to get the nonce. > > Best regards, > Emond > > On Thu, Feb 27, 2020 at 2:00 PM Sebastien Briquet <sbriq...@apache.org> > wrote: > > > > Hi Martin, > > > > Actually that's a good point! I will try to upgrade Wicket jQuery UI to > > wicket 9/CSP to see how it behaves... > > > > Thanks and best regards, > > Sebastien >
