Yes, All my prs were made with strict csp enabled Additional minor change is required to make tests pass Will create pr right after release
On Thu, Feb 27, 2020, 20:32 Martin Grigorov <mgrigo...@apache.org> wrote: > Thanks, Emond! > > @Maxim: since you started using Wicket 9.x Bootstrap 4.x recently: do you > use it with CSP enabled ? > > On Thu, Feb 27, 2020 at 3:17 PM Emond Papegaaij <emond.papega...@gmail.com > > > wrote: > > > Hi Martin and Sebastien, > > > > I see no need for checking if CSP is enabled or not. It is not hard to > > write your code to comply to even the strictest CSP. If it works with > > the strict CSP, it will also work when CSP is disabled or with a less > > strict CSP. Simply follow the few rules explained in the user guide. > > Note that if your library needs to check if a nonce is required, this > > is already supported, see > > ContentSecurityPolicyEnforcer.isNonceEnabled(). > > > > Our application uses WiQuery and several other frameworks, and I only > > had to make minor changes to make this application fully compliant > > with the strict CSP. No changes were required to WiQuery. A small > > change is required to the ChartJS library we use > > (https://github.com/haster/java-chartjs) because ChartJS tries to > > insert a stylesheet into the head. This stylesheet has to be rendered > > via Wicket to get the nonce. > > > > Best regards, > > Emond > > > > On Thu, Feb 27, 2020 at 2:00 PM Sebastien Briquet <sbriq...@apache.org> > > wrote: > > > > > > Hi Martin, > > > > > > Actually that's a good point! I will try to upgrade Wicket jQuery UI to > > > wicket 9/CSP to see how it behaves... > > > > > > Thanks and best regards, > > > Sebastien > > >
