[jira] [Work logged] (WW-5400) CSP interceptor only allows very limited configuration
[ https://issues.apache.org/jira/browse/WW-5400?focusedWorklogId=922768&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-922768 ] ASF GitHub Bot logged work on WW-5400: -- Author: ASF GitHub Bot Created on: 10/Jun/24 06:34 Start Date: 10/Jun/24 06:34 Worklog Time Spent: 10m Work Description: lukaszlenart merged PR #240: URL: https://github.com/apache/struts-site/pull/240 Issue Time Tracking --- Worklog Id: (was: 922768) Time Spent: 4h 40m (was: 4.5h) > CSP interceptor only allows very limited configuration > -- > > Key: WW-5400 > URL: https://issues.apache.org/jira/browse/WW-5400 > Project: Struts 2 > Issue Type: Improvement > Components: Core Interceptors >Affects Versions: 6.3.0 >Reporter: Erica Kane >Assignee: Lukasz Lenart >Priority: Major > Fix For: 6.5.0 > > Time Spent: 4h 40m > Remaining Estimate: 0h > > I have been trying to implement CSP on our website. The CSP interceptor > provides an elegant solution with the and tags. However, > I want to set my own base-uri. And perhaps make some other changes to the CSP > headers. > But these values are not accessible. Only the report-only and report-uri can > be changed. Even if one is willing to work at the Action level and implement > a new interface for all of them, I can't change the base-uri. I've seen > people on Stack Overflow disable it for this reason. I want to use it, but > could someone please explain how to set the base-uri globally? If not, I will > likely have to make my own. > P.S. I will update the documentation page. Nowhere in the description of the > interceptor does it mention the script and link tags, and without those, it > is useless! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5400) CSP interceptor only allows very limited configuration
[ https://issues.apache.org/jira/browse/WW-5400?focusedWorklogId=922766&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-922766 ] ASF GitHub Bot logged work on WW-5400: -- Author: ASF GitHub Bot Created on: 10/Jun/24 06:27 Start Date: 10/Jun/24 06:27 Worklog Time Spent: 10m Work Description: asf-ci commented on PR #240: URL: https://github.com/apache/struts-site/pull/240#issuecomment-2157426725 Staged site is ready at https://struts.staged.apache.org/ Issue Time Tracking --- Worklog Id: (was: 922766) Time Spent: 4.5h (was: 4h 20m) > CSP interceptor only allows very limited configuration > -- > > Key: WW-5400 > URL: https://issues.apache.org/jira/browse/WW-5400 > Project: Struts 2 > Issue Type: Improvement > Components: Core Interceptors >Affects Versions: 6.3.0 >Reporter: Erica Kane >Assignee: Lukasz Lenart >Priority: Major > Fix For: 6.5.0 > > Time Spent: 4.5h > Remaining Estimate: 0h > > I have been trying to implement CSP on our website. The CSP interceptor > provides an elegant solution with the and tags. However, > I want to set my own base-uri. And perhaps make some other changes to the CSP > headers. > But these values are not accessible. Only the report-only and report-uri can > be changed. Even if one is willing to work at the Action level and implement > a new interface for all of them, I can't change the base-uri. I've seen > people on Stack Overflow disable it for this reason. I want to use it, but > could someone please explain how to set the base-uri globally? If not, I will > likely have to make my own. > P.S. I will update the documentation page. Nowhere in the description of the > interceptor does it mention the script and link tags, and without those, it > is useless! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5400) CSP interceptor only allows very limited configuration
[ https://issues.apache.org/jira/browse/WW-5400?focusedWorklogId=922765&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-922765 ] ASF GitHub Bot logged work on WW-5400: -- Author: ASF GitHub Bot Created on: 10/Jun/24 06:16 Start Date: 10/Jun/24 06:16 Worklog Time Spent: 10m Work Description: asf-ci commented on PR #240: URL: https://github.com/apache/struts-site/pull/240#issuecomment-2157400709 Staged site is ready at https://struts.staged.apache.org/ Issue Time Tracking --- Worklog Id: (was: 922765) Time Spent: 4h 20m (was: 4h 10m) > CSP interceptor only allows very limited configuration > -- > > Key: WW-5400 > URL: https://issues.apache.org/jira/browse/WW-5400 > Project: Struts 2 > Issue Type: Improvement > Components: Core Interceptors >Affects Versions: 6.3.0 >Reporter: Erica Kane >Assignee: Lukasz Lenart >Priority: Major > Fix For: 6.5.0 > > Time Spent: 4h 20m > Remaining Estimate: 0h > > I have been trying to implement CSP on our website. The CSP interceptor > provides an elegant solution with the and tags. However, > I want to set my own base-uri. And perhaps make some other changes to the CSP > headers. > But these values are not accessible. Only the report-only and report-uri can > be changed. Even if one is willing to work at the Action level and implement > a new interface for all of them, I can't change the base-uri. I've seen > people on Stack Overflow disable it for this reason. I want to use it, but > could someone please explain how to set the base-uri globally? If not, I will > likely have to make my own. > P.S. I will update the documentation page. Nowhere in the description of the > interceptor does it mention the script and link tags, and without those, it > is useless! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5400) CSP interceptor only allows very limited configuration
[ https://issues.apache.org/jira/browse/WW-5400?focusedWorklogId=922764&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-922764 ] ASF GitHub Bot logged work on WW-5400: -- Author: ASF GitHub Bot Created on: 10/Jun/24 06:10 Start Date: 10/Jun/24 06:10 Worklog Time Spent: 10m Work Description: lukaszlenart opened a new pull request, #240: URL: https://github.com/apache/struts-site/pull/240 (no comment) Issue Time Tracking --- Worklog Id: (was: 922764) Time Spent: 4h 10m (was: 4h) > CSP interceptor only allows very limited configuration > -- > > Key: WW-5400 > URL: https://issues.apache.org/jira/browse/WW-5400 > Project: Struts 2 > Issue Type: Improvement > Components: Core Interceptors >Affects Versions: 6.3.0 >Reporter: Erica Kane >Assignee: Lukasz Lenart >Priority: Major > Fix For: 6.5.0 > > Time Spent: 4h 10m > Remaining Estimate: 0h > > I have been trying to implement CSP on our website. The CSP interceptor > provides an elegant solution with the and tags. However, > I want to set my own base-uri. And perhaps make some other changes to the CSP > headers. > But these values are not accessible. Only the report-only and report-uri can > be changed. Even if one is willing to work at the Action level and implement > a new interface for all of them, I can't change the base-uri. I've seen > people on Stack Overflow disable it for this reason. I want to use it, but > could someone please explain how to set the base-uri globally? If not, I will > likely have to make my own. > P.S. I will update the documentation page. Nowhere in the description of the > interceptor does it mention the script and link tags, and without those, it > is useless! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5400) CSP interceptor only allows very limited configuration
[ https://issues.apache.org/jira/browse/WW-5400?focusedWorklogId=922763&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-922763 ] ASF GitHub Bot logged work on WW-5400: -- Author: ASF GitHub Bot Created on: 10/Jun/24 06:03 Start Date: 10/Jun/24 06:03 Worklog Time Spent: 10m Work Description: lukaszlenart merged PR #239: URL: https://github.com/apache/struts-site/pull/239 Issue Time Tracking --- Worklog Id: (was: 922763) Time Spent: 4h (was: 3h 50m) > CSP interceptor only allows very limited configuration > -- > > Key: WW-5400 > URL: https://issues.apache.org/jira/browse/WW-5400 > Project: Struts 2 > Issue Type: Improvement > Components: Core Interceptors >Affects Versions: 6.3.0 >Reporter: Erica Kane >Assignee: Lukasz Lenart >Priority: Major > Fix For: 6.5.0 > > Time Spent: 4h > Remaining Estimate: 0h > > I have been trying to implement CSP on our website. The CSP interceptor > provides an elegant solution with the and tags. However, > I want to set my own base-uri. And perhaps make some other changes to the CSP > headers. > But these values are not accessible. Only the report-only and report-uri can > be changed. Even if one is willing to work at the Action level and implement > a new interface for all of them, I can't change the base-uri. I've seen > people on Stack Overflow disable it for this reason. I want to use it, but > could someone please explain how to set the base-uri globally? If not, I will > likely have to make my own. > P.S. I will update the documentation page. Nowhere in the description of the > interceptor does it mention the script and link tags, and without those, it > is useless! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5400) CSP interceptor only allows very limited configuration
[ https://issues.apache.org/jira/browse/WW-5400?focusedWorklogId=922762&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-922762 ] ASF GitHub Bot logged work on WW-5400: -- Author: ASF GitHub Bot Created on: 10/Jun/24 06:02 Start Date: 10/Jun/24 06:02 Worklog Time Spent: 10m Work Description: lukaszlenart opened a new pull request, #239: URL: https://github.com/apache/struts-site/pull/239 Refs [WW-5400](https://issues.apache.org/jira/browse/WW-5400) Issue Time Tracking --- Worklog Id: (was: 922762) Time Spent: 3h 50m (was: 3h 40m) > CSP interceptor only allows very limited configuration > -- > > Key: WW-5400 > URL: https://issues.apache.org/jira/browse/WW-5400 > Project: Struts 2 > Issue Type: Improvement > Components: Core Interceptors >Affects Versions: 6.3.0 >Reporter: Erica Kane >Assignee: Lukasz Lenart >Priority: Major > Fix For: 6.5.0 > > Time Spent: 3h 50m > Remaining Estimate: 0h > > I have been trying to implement CSP on our website. The CSP interceptor > provides an elegant solution with the and tags. However, > I want to set my own base-uri. And perhaps make some other changes to the CSP > headers. > But these values are not accessible. Only the report-only and report-uri can > be changed. Even if one is willing to work at the Action level and implement > a new interface for all of them, I can't change the base-uri. I've seen > people on Stack Overflow disable it for this reason. I want to use it, but > could someone please explain how to set the base-uri globally? If not, I will > likely have to make my own. > P.S. I will update the documentation page. Nowhere in the description of the > interceptor does it mention the script and link tags, and without those, it > is useless! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5400) CSP interceptor only allows very limited configuration
[ https://issues.apache.org/jira/browse/WW-5400?focusedWorklogId=922761&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-922761 ] ASF GitHub Bot logged work on WW-5400: -- Author: ASF GitHub Bot Created on: 10/Jun/24 06:02 Start Date: 10/Jun/24 06:02 Worklog Time Spent: 10m Work Description: lukaszlenart closed pull request #239: WW-5400 Documents how to use cspSettingsClassName parameter URL: https://github.com/apache/struts-site/pull/239 Issue Time Tracking --- Worklog Id: (was: 922761) Time Spent: 3h 40m (was: 3.5h) > CSP interceptor only allows very limited configuration > -- > > Key: WW-5400 > URL: https://issues.apache.org/jira/browse/WW-5400 > Project: Struts 2 > Issue Type: Improvement > Components: Core Interceptors >Affects Versions: 6.3.0 >Reporter: Erica Kane >Assignee: Lukasz Lenart >Priority: Major > Fix For: 6.5.0 > > Time Spent: 3h 40m > Remaining Estimate: 0h > > I have been trying to implement CSP on our website. The CSP interceptor > provides an elegant solution with the and tags. However, > I want to set my own base-uri. And perhaps make some other changes to the CSP > headers. > But these values are not accessible. Only the report-only and report-uri can > be changed. Even if one is willing to work at the Action level and implement > a new interface for all of them, I can't change the base-uri. I've seen > people on Stack Overflow disable it for this reason. I want to use it, but > could someone please explain how to set the base-uri globally? If not, I will > likely have to make my own. > P.S. I will update the documentation page. Nowhere in the description of the > interceptor does it mention the script and link tags, and without those, it > is useless! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5400) CSP interceptor only allows very limited configuration
[ https://issues.apache.org/jira/browse/WW-5400?focusedWorklogId=922758&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-922758 ] ASF GitHub Bot logged work on WW-5400: -- Author: ASF GitHub Bot Created on: 10/Jun/24 05:32 Start Date: 10/Jun/24 05:32 Worklog Time Spent: 10m Work Description: lukaszlenart opened a new pull request, #239: URL: https://github.com/apache/struts-site/pull/239 Refs [WW-5400](https://issues.apache.org/jira/browse/WW-5400) Issue Time Tracking --- Worklog Id: (was: 922758) Time Spent: 3.5h (was: 3h 20m) > CSP interceptor only allows very limited configuration > -- > > Key: WW-5400 > URL: https://issues.apache.org/jira/browse/WW-5400 > Project: Struts 2 > Issue Type: Improvement > Components: Core Interceptors >Affects Versions: 6.3.0 >Reporter: Erica Kane >Assignee: Lukasz Lenart >Priority: Major > Fix For: 6.5.0 > > Time Spent: 3.5h > Remaining Estimate: 0h > > I have been trying to implement CSP on our website. The CSP interceptor > provides an elegant solution with the and tags. However, > I want to set my own base-uri. And perhaps make some other changes to the CSP > headers. > But these values are not accessible. Only the report-only and report-uri can > be changed. Even if one is willing to work at the Action level and implement > a new interface for all of them, I can't change the base-uri. I've seen > people on Stack Overflow disable it for this reason. I want to use it, but > could someone please explain how to set the base-uri globally? If not, I will > likely have to make my own. > P.S. I will update the documentation page. Nowhere in the description of the > interceptor does it mention the script and link tags, and without those, it > is useless! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5400) CSP interceptor only allows very limited configuration
[ https://issues.apache.org/jira/browse/WW-5400?focusedWorklogId=922757&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-922757 ] ASF GitHub Bot logged work on WW-5400: -- Author: ASF GitHub Bot Created on: 10/Jun/24 05:32 Start Date: 10/Jun/24 05:32 Worklog Time Spent: 10m Work Description: lukaszlenart closed pull request #239: WW-5400 Documents how to use cspSettingsClassName parameter URL: https://github.com/apache/struts-site/pull/239 Issue Time Tracking --- Worklog Id: (was: 922757) Time Spent: 3h 20m (was: 3h 10m) > CSP interceptor only allows very limited configuration > -- > > Key: WW-5400 > URL: https://issues.apache.org/jira/browse/WW-5400 > Project: Struts 2 > Issue Type: Improvement > Components: Core Interceptors >Affects Versions: 6.3.0 >Reporter: Erica Kane >Assignee: Lukasz Lenart >Priority: Major > Fix For: 6.5.0 > > Time Spent: 3h 20m > Remaining Estimate: 0h > > I have been trying to implement CSP on our website. The CSP interceptor > provides an elegant solution with the and tags. However, > I want to set my own base-uri. And perhaps make some other changes to the CSP > headers. > But these values are not accessible. Only the report-only and report-uri can > be changed. Even if one is willing to work at the Action level and implement > a new interface for all of them, I can't change the base-uri. I've seen > people on Stack Overflow disable it for this reason. I want to use it, but > could someone please explain how to set the base-uri globally? If not, I will > likely have to make my own. > P.S. I will update the documentation page. Nowhere in the description of the > interceptor does it mention the script and link tags, and without those, it > is useless! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5400) CSP interceptor only allows very limited configuration
[ https://issues.apache.org/jira/browse/WW-5400?focusedWorklogId=922756&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-922756 ] ASF GitHub Bot logged work on WW-5400: -- Author: ASF GitHub Bot Created on: 10/Jun/24 05:28 Start Date: 10/Jun/24 05:28 Worklog Time Spent: 10m Work Description: lukaszlenart opened a new pull request, #239: URL: https://github.com/apache/struts-site/pull/239 Refs [WW-5400](https://issues.apache.org/jira/browse/WW-5400) Issue Time Tracking --- Worklog Id: (was: 922756) Time Spent: 3h 10m (was: 3h) > CSP interceptor only allows very limited configuration > -- > > Key: WW-5400 > URL: https://issues.apache.org/jira/browse/WW-5400 > Project: Struts 2 > Issue Type: Improvement > Components: Core Interceptors >Affects Versions: 6.3.0 >Reporter: Erica Kane >Assignee: Lukasz Lenart >Priority: Major > Fix For: 6.5.0 > > Time Spent: 3h 10m > Remaining Estimate: 0h > > I have been trying to implement CSP on our website. The CSP interceptor > provides an elegant solution with the and tags. However, > I want to set my own base-uri. And perhaps make some other changes to the CSP > headers. > But these values are not accessible. Only the report-only and report-uri can > be changed. Even if one is willing to work at the Action level and implement > a new interface for all of them, I can't change the base-uri. I've seen > people on Stack Overflow disable it for this reason. I want to use it, but > could someone please explain how to set the base-uri globally? If not, I will > likely have to make my own. > P.S. I will update the documentation page. Nowhere in the description of the > interceptor does it mention the script and link tags, and without those, it > is useless! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5400) CSP interceptor only allows very limited configuration
[ https://issues.apache.org/jira/browse/WW-5400?focusedWorklogId=922755&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-922755 ] ASF GitHub Bot logged work on WW-5400: -- Author: ASF GitHub Bot Created on: 10/Jun/24 05:28 Start Date: 10/Jun/24 05:28 Worklog Time Spent: 10m Work Description: lukaszlenart closed pull request #239: WW-5400 Documents how to use cspSettingsClassName parameter URL: https://github.com/apache/struts-site/pull/239 Issue Time Tracking --- Worklog Id: (was: 922755) Time Spent: 3h (was: 2h 50m) > CSP interceptor only allows very limited configuration > -- > > Key: WW-5400 > URL: https://issues.apache.org/jira/browse/WW-5400 > Project: Struts 2 > Issue Type: Improvement > Components: Core Interceptors >Affects Versions: 6.3.0 >Reporter: Erica Kane >Assignee: Lukasz Lenart >Priority: Major > Fix For: 6.5.0 > > Time Spent: 3h > Remaining Estimate: 0h > > I have been trying to implement CSP on our website. The CSP interceptor > provides an elegant solution with the and tags. However, > I want to set my own base-uri. And perhaps make some other changes to the CSP > headers. > But these values are not accessible. Only the report-only and report-uri can > be changed. Even if one is willing to work at the Action level and implement > a new interface for all of them, I can't change the base-uri. I've seen > people on Stack Overflow disable it for this reason. I want to use it, but > could someone please explain how to set the base-uri globally? If not, I will > likely have to make my own. > P.S. I will update the documentation page. Nowhere in the description of the > interceptor does it mention the script and link tags, and without those, it > is useless! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5400) CSP interceptor only allows very limited configuration
[ https://issues.apache.org/jira/browse/WW-5400?focusedWorklogId=922753&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-922753 ] ASF GitHub Bot logged work on WW-5400: -- Author: ASF GitHub Bot Created on: 10/Jun/24 05:10 Start Date: 10/Jun/24 05:10 Worklog Time Spent: 10m Work Description: lukaszlenart opened a new pull request, #239: URL: https://github.com/apache/struts-site/pull/239 Refs [WW-5400](https://issues.apache.org/jira/browse/WW-5400) Issue Time Tracking --- Worklog Id: (was: 922753) Time Spent: 2h 50m (was: 2h 40m) > CSP interceptor only allows very limited configuration > -- > > Key: WW-5400 > URL: https://issues.apache.org/jira/browse/WW-5400 > Project: Struts 2 > Issue Type: Improvement > Components: Core Interceptors >Affects Versions: 6.3.0 >Reporter: Erica Kane >Assignee: Lukasz Lenart >Priority: Major > Fix For: 6.5.0 > > Time Spent: 2h 50m > Remaining Estimate: 0h > > I have been trying to implement CSP on our website. The CSP interceptor > provides an elegant solution with the and tags. However, > I want to set my own base-uri. And perhaps make some other changes to the CSP > headers. > But these values are not accessible. Only the report-only and report-uri can > be changed. Even if one is willing to work at the Action level and implement > a new interface for all of them, I can't change the base-uri. I've seen > people on Stack Overflow disable it for this reason. I want to use it, but > could someone please explain how to set the base-uri globally? If not, I will > likely have to make my own. > P.S. I will update the documentation page. Nowhere in the description of the > interceptor does it mention the script and link tags, and without those, it > is useless! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5250) Address TODO in DefaultActionValidatorManagerTest
[ https://issues.apache.org/jira/browse/WW-5250?focusedWorklogId=922752&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-922752 ] ASF GitHub Bot logged work on WW-5250: -- Author: ASF GitHub Bot Created on: 10/Jun/24 05:03 Start Date: 10/Jun/24 05:03 Worklog Time Spent: 10m Work Description: lukaszlenart merged PR #957: URL: https://github.com/apache/struts/pull/957 Issue Time Tracking --- Worklog Id: (was: 922752) Time Spent: 0.5h (was: 20m) > Address TODO in DefaultActionValidatorManagerTest > - > > Key: WW-5250 > URL: https://issues.apache.org/jira/browse/WW-5250 > Project: Struts 2 > Issue Type: Improvement > Components: Core, Unit Tests, XML Validators >Reporter: Lukasz Lenart >Assignee: Lukasz Lenart >Priority: Minor > Fix For: 6.5.0 > > Time Spent: 0.5h > Remaining Estimate: 0h > > There is a TODO which should be addressed: > {noformat} > // TODO: this all need to be converted to real unit tests > {noformat} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (WW-5250) Address TODO in DefaultActionValidatorManagerTest
[ https://issues.apache.org/jira/browse/WW-5250?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart resolved WW-5250. --- Resolution: Fixed > Address TODO in DefaultActionValidatorManagerTest > - > > Key: WW-5250 > URL: https://issues.apache.org/jira/browse/WW-5250 > Project: Struts 2 > Issue Type: Improvement > Components: Core, Unit Tests, XML Validators >Reporter: Lukasz Lenart >Assignee: Lukasz Lenart >Priority: Minor > Fix For: 6.5.0 > > Time Spent: 0.5h > Remaining Estimate: 0h > > There is a TODO which should be addressed: > {noformat} > // TODO: this all need to be converted to real unit tests > {noformat} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5400) CSP interceptor only allows very limited configuration
[ https://issues.apache.org/jira/browse/WW-5400?focusedWorklogId=922751&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-922751 ] ASF GitHub Bot logged work on WW-5400: -- Author: ASF GitHub Bot Created on: 10/Jun/24 05:02 Start Date: 10/Jun/24 05:02 Worklog Time Spent: 10m Work Description: lukaszlenart merged PR #956: URL: https://github.com/apache/struts/pull/956 Issue Time Tracking --- Worklog Id: (was: 922751) Time Spent: 2h 40m (was: 2.5h) > CSP interceptor only allows very limited configuration > -- > > Key: WW-5400 > URL: https://issues.apache.org/jira/browse/WW-5400 > Project: Struts 2 > Issue Type: Improvement > Components: Core Interceptors >Affects Versions: 6.3.0 >Reporter: Erica Kane >Assignee: Lukasz Lenart >Priority: Major > Fix For: 6.5.0 > > Time Spent: 2h 40m > Remaining Estimate: 0h > > I have been trying to implement CSP on our website. The CSP interceptor > provides an elegant solution with the and tags. However, > I want to set my own base-uri. And perhaps make some other changes to the CSP > headers. > But these values are not accessible. Only the report-only and report-uri can > be changed. Even if one is willing to work at the Action level and implement > a new interface for all of them, I can't change the base-uri. I've seen > people on Stack Overflow disable it for this reason. I want to use it, but > could someone please explain how to set the base-uri globally? If not, I will > likely have to make my own. > P.S. I will update the documentation page. Nowhere in the description of the > interceptor does it mention the script and link tags, and without those, it > is useless! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (WW-5400) CSP interceptor only allows very limited configuration
[ https://issues.apache.org/jira/browse/WW-5400?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart resolved WW-5400. --- Resolution: Fixed > CSP interceptor only allows very limited configuration > -- > > Key: WW-5400 > URL: https://issues.apache.org/jira/browse/WW-5400 > Project: Struts 2 > Issue Type: Improvement > Components: Core Interceptors >Affects Versions: 6.3.0 >Reporter: Erica Kane >Assignee: Lukasz Lenart >Priority: Major > Fix For: 6.5.0 > > Time Spent: 2h 40m > Remaining Estimate: 0h > > I have been trying to implement CSP on our website. The CSP interceptor > provides an elegant solution with the and tags. However, > I want to set my own base-uri. And perhaps make some other changes to the CSP > headers. > But these values are not accessible. Only the report-only and report-uri can > be changed. Even if one is willing to work at the Action level and implement > a new interface for all of them, I can't change the base-uri. I've seen > people on Stack Overflow disable it for this reason. I want to use it, but > could someone please explain how to set the base-uri globally? If not, I will > likely have to make my own. > P.S. I will update the documentation page. Nowhere in the description of the > interceptor does it mention the script and link tags, and without those, it > is useless! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5423) Query Parameters in Multipart Requests not working in v7 M6
[ https://issues.apache.org/jira/browse/WW-5423?focusedWorklogId=922750&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-922750 ] ASF GitHub Bot logged work on WW-5423: -- Author: ASF GitHub Bot Created on: 10/Jun/24 05:02 Start Date: 10/Jun/24 05:02 Worklog Time Spent: 10m Work Description: lukaszlenart merged PR #954: URL: https://github.com/apache/struts/pull/954 Issue Time Tracking --- Worklog Id: (was: 922750) Time Spent: 40m (was: 0.5h) > Query Parameters in Multipart Requests not working in v7 M6 > --- > > Key: WW-5423 > URL: https://issues.apache.org/jira/browse/WW-5423 > Project: Struts 2 > Issue Type: Bug >Affects Versions: 7.0.0 >Reporter: Philip Crider >Priority: Major > Fix For: 7.0.0 > > Time Spent: 40m > Remaining Estimate: 0h > > One of the changes in [https://github.com/apache/struts/pull/861] broke query > parameters in multipart requests. Their values are being lost. > This is the old implementation, which returns null if the parameter doesn't > exist. > {code:java} > public String[] getParameterValues(String name) { > List v = params.get(name); > if (v != null && !v.isEmpty()) { > return v.toArray(new String[0]); > } > return null; > } {code} > > And this is the new implementation, which returns an empty array in that case. > {code:java} > public String[] getParameterValues(String name) { > return parameters.getOrDefault(name, Collections.emptyList()) > .toArray(String[]::new); > }{code} > > This method in MultiPartRequestWrapper is expecting null to be returned in > that case. > {code:java} > public String[] getParameterValues(String name) { > return ((multi == null) || (multi.getParameterValues(name) == null)) ? > super.getParameterValues(name) : multi.getParameterValues(name); > }{code} > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (WW-5423) Query Parameters in Multipart Requests not working in v7 M6
[ https://issues.apache.org/jira/browse/WW-5423?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart resolved WW-5423. --- Resolution: Fixed > Query Parameters in Multipart Requests not working in v7 M6 > --- > > Key: WW-5423 > URL: https://issues.apache.org/jira/browse/WW-5423 > Project: Struts 2 > Issue Type: Bug >Affects Versions: 7.0.0 >Reporter: Philip Crider >Priority: Major > Fix For: 7.0.0 > > Time Spent: 40m > Remaining Estimate: 0h > > One of the changes in [https://github.com/apache/struts/pull/861] broke query > parameters in multipart requests. Their values are being lost. > This is the old implementation, which returns null if the parameter doesn't > exist. > {code:java} > public String[] getParameterValues(String name) { > List v = params.get(name); > if (v != null && !v.isEmpty()) { > return v.toArray(new String[0]); > } > return null; > } {code} > > And this is the new implementation, which returns an empty array in that case. > {code:java} > public String[] getParameterValues(String name) { > return parameters.getOrDefault(name, Collections.emptyList()) > .toArray(String[]::new); > }{code} > > This method in MultiPartRequestWrapper is expecting null to be returned in > that case. > {code:java} > public String[] getParameterValues(String name) { > return ((multi == null) || (multi.getParameterValues(name) == null)) ? > super.getParameterValues(name) : multi.getParameterValues(name); > }{code} > > -- This message was sent by Atlassian Jira (v8.20.10#820010)