[jira] [Work logged] (WW-5400) CSP interceptor only allows very limited configuration
[ https://issues.apache.org/jira/browse/WW-5400?focusedWorklogId=922768&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-922768 ] ASF GitHub Bot logged work on WW-5400: -- Author: ASF GitHub Bot Created on: 10/Jun/24 06:34 Start Date: 10/Jun/24 06:34 Worklog Time Spent: 10m Work Description: lukaszlenart merged PR #240: URL: https://github.com/apache/struts-site/pull/240 Issue Time Tracking --- Worklog Id: (was: 922768) Time Spent: 4h 40m (was: 4.5h) > CSP interceptor only allows very limited configuration > -- > > Key: WW-5400 > URL: https://issues.apache.org/jira/browse/WW-5400 > Project: Struts 2 > Issue Type: Improvement > Components: Core Interceptors >Affects Versions: 6.3.0 >Reporter: Erica Kane >Assignee: Lukasz Lenart >Priority: Major > Fix For: 6.5.0 > > Time Spent: 4h 40m > Remaining Estimate: 0h > > I have been trying to implement CSP on our website. The CSP interceptor > provides an elegant solution with the and tags. However, > I want to set my own base-uri. And perhaps make some other changes to the CSP > headers. > But these values are not accessible. Only the report-only and report-uri can > be changed. Even if one is willing to work at the Action level and implement > a new interface for all of them, I can't change the base-uri. I've seen > people on Stack Overflow disable it for this reason. I want to use it, but > could someone please explain how to set the base-uri globally? If not, I will > likely have to make my own. > P.S. I will update the documentation page. Nowhere in the description of the > interceptor does it mention the script and link tags, and without those, it > is useless! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5400) CSP interceptor only allows very limited configuration
[ https://issues.apache.org/jira/browse/WW-5400?focusedWorklogId=922766&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-922766 ] ASF GitHub Bot logged work on WW-5400: -- Author: ASF GitHub Bot Created on: 10/Jun/24 06:27 Start Date: 10/Jun/24 06:27 Worklog Time Spent: 10m Work Description: asf-ci commented on PR #240: URL: https://github.com/apache/struts-site/pull/240#issuecomment-2157426725 Staged site is ready at https://struts.staged.apache.org/ Issue Time Tracking --- Worklog Id: (was: 922766) Time Spent: 4.5h (was: 4h 20m) > CSP interceptor only allows very limited configuration > -- > > Key: WW-5400 > URL: https://issues.apache.org/jira/browse/WW-5400 > Project: Struts 2 > Issue Type: Improvement > Components: Core Interceptors >Affects Versions: 6.3.0 >Reporter: Erica Kane >Assignee: Lukasz Lenart >Priority: Major > Fix For: 6.5.0 > > Time Spent: 4.5h > Remaining Estimate: 0h > > I have been trying to implement CSP on our website. The CSP interceptor > provides an elegant solution with the and tags. However, > I want to set my own base-uri. And perhaps make some other changes to the CSP > headers. > But these values are not accessible. Only the report-only and report-uri can > be changed. Even if one is willing to work at the Action level and implement > a new interface for all of them, I can't change the base-uri. I've seen > people on Stack Overflow disable it for this reason. I want to use it, but > could someone please explain how to set the base-uri globally? If not, I will > likely have to make my own. > P.S. I will update the documentation page. Nowhere in the description of the > interceptor does it mention the script and link tags, and without those, it > is useless! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5400) CSP interceptor only allows very limited configuration
[ https://issues.apache.org/jira/browse/WW-5400?focusedWorklogId=922765&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-922765 ] ASF GitHub Bot logged work on WW-5400: -- Author: ASF GitHub Bot Created on: 10/Jun/24 06:16 Start Date: 10/Jun/24 06:16 Worklog Time Spent: 10m Work Description: asf-ci commented on PR #240: URL: https://github.com/apache/struts-site/pull/240#issuecomment-2157400709 Staged site is ready at https://struts.staged.apache.org/ Issue Time Tracking --- Worklog Id: (was: 922765) Time Spent: 4h 20m (was: 4h 10m) > CSP interceptor only allows very limited configuration > -- > > Key: WW-5400 > URL: https://issues.apache.org/jira/browse/WW-5400 > Project: Struts 2 > Issue Type: Improvement > Components: Core Interceptors >Affects Versions: 6.3.0 >Reporter: Erica Kane >Assignee: Lukasz Lenart >Priority: Major > Fix For: 6.5.0 > > Time Spent: 4h 20m > Remaining Estimate: 0h > > I have been trying to implement CSP on our website. The CSP interceptor > provides an elegant solution with the and tags. However, > I want to set my own base-uri. And perhaps make some other changes to the CSP > headers. > But these values are not accessible. Only the report-only and report-uri can > be changed. Even if one is willing to work at the Action level and implement > a new interface for all of them, I can't change the base-uri. I've seen > people on Stack Overflow disable it for this reason. I want to use it, but > could someone please explain how to set the base-uri globally? If not, I will > likely have to make my own. > P.S. I will update the documentation page. Nowhere in the description of the > interceptor does it mention the script and link tags, and without those, it > is useless! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5400) CSP interceptor only allows very limited configuration
[ https://issues.apache.org/jira/browse/WW-5400?focusedWorklogId=922764&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-922764 ] ASF GitHub Bot logged work on WW-5400: -- Author: ASF GitHub Bot Created on: 10/Jun/24 06:10 Start Date: 10/Jun/24 06:10 Worklog Time Spent: 10m Work Description: lukaszlenart opened a new pull request, #240: URL: https://github.com/apache/struts-site/pull/240 (no comment) Issue Time Tracking --- Worklog Id: (was: 922764) Time Spent: 4h 10m (was: 4h) > CSP interceptor only allows very limited configuration > -- > > Key: WW-5400 > URL: https://issues.apache.org/jira/browse/WW-5400 > Project: Struts 2 > Issue Type: Improvement > Components: Core Interceptors >Affects Versions: 6.3.0 >Reporter: Erica Kane >Assignee: Lukasz Lenart >Priority: Major > Fix For: 6.5.0 > > Time Spent: 4h 10m > Remaining Estimate: 0h > > I have been trying to implement CSP on our website. The CSP interceptor > provides an elegant solution with the and tags. However, > I want to set my own base-uri. And perhaps make some other changes to the CSP > headers. > But these values are not accessible. Only the report-only and report-uri can > be changed. Even if one is willing to work at the Action level and implement > a new interface for all of them, I can't change the base-uri. I've seen > people on Stack Overflow disable it for this reason. I want to use it, but > could someone please explain how to set the base-uri globally? If not, I will > likely have to make my own. > P.S. I will update the documentation page. Nowhere in the description of the > interceptor does it mention the script and link tags, and without those, it > is useless! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5400) CSP interceptor only allows very limited configuration
[ https://issues.apache.org/jira/browse/WW-5400?focusedWorklogId=922763&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-922763 ] ASF GitHub Bot logged work on WW-5400: -- Author: ASF GitHub Bot Created on: 10/Jun/24 06:03 Start Date: 10/Jun/24 06:03 Worklog Time Spent: 10m Work Description: lukaszlenart merged PR #239: URL: https://github.com/apache/struts-site/pull/239 Issue Time Tracking --- Worklog Id: (was: 922763) Time Spent: 4h (was: 3h 50m) > CSP interceptor only allows very limited configuration > -- > > Key: WW-5400 > URL: https://issues.apache.org/jira/browse/WW-5400 > Project: Struts 2 > Issue Type: Improvement > Components: Core Interceptors >Affects Versions: 6.3.0 >Reporter: Erica Kane >Assignee: Lukasz Lenart >Priority: Major > Fix For: 6.5.0 > > Time Spent: 4h > Remaining Estimate: 0h > > I have been trying to implement CSP on our website. The CSP interceptor > provides an elegant solution with the and tags. However, > I want to set my own base-uri. And perhaps make some other changes to the CSP > headers. > But these values are not accessible. Only the report-only and report-uri can > be changed. Even if one is willing to work at the Action level and implement > a new interface for all of them, I can't change the base-uri. I've seen > people on Stack Overflow disable it for this reason. I want to use it, but > could someone please explain how to set the base-uri globally? If not, I will > likely have to make my own. > P.S. I will update the documentation page. Nowhere in the description of the > interceptor does it mention the script and link tags, and without those, it > is useless! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5400) CSP interceptor only allows very limited configuration
[ https://issues.apache.org/jira/browse/WW-5400?focusedWorklogId=922762&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-922762 ] ASF GitHub Bot logged work on WW-5400: -- Author: ASF GitHub Bot Created on: 10/Jun/24 06:02 Start Date: 10/Jun/24 06:02 Worklog Time Spent: 10m Work Description: lukaszlenart opened a new pull request, #239: URL: https://github.com/apache/struts-site/pull/239 Refs [WW-5400](https://issues.apache.org/jira/browse/WW-5400) Issue Time Tracking --- Worklog Id: (was: 922762) Time Spent: 3h 50m (was: 3h 40m) > CSP interceptor only allows very limited configuration > -- > > Key: WW-5400 > URL: https://issues.apache.org/jira/browse/WW-5400 > Project: Struts 2 > Issue Type: Improvement > Components: Core Interceptors >Affects Versions: 6.3.0 >Reporter: Erica Kane >Assignee: Lukasz Lenart >Priority: Major > Fix For: 6.5.0 > > Time Spent: 3h 50m > Remaining Estimate: 0h > > I have been trying to implement CSP on our website. The CSP interceptor > provides an elegant solution with the and tags. However, > I want to set my own base-uri. And perhaps make some other changes to the CSP > headers. > But these values are not accessible. Only the report-only and report-uri can > be changed. Even if one is willing to work at the Action level and implement > a new interface for all of them, I can't change the base-uri. I've seen > people on Stack Overflow disable it for this reason. I want to use it, but > could someone please explain how to set the base-uri globally? If not, I will > likely have to make my own. > P.S. I will update the documentation page. Nowhere in the description of the > interceptor does it mention the script and link tags, and without those, it > is useless! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5400) CSP interceptor only allows very limited configuration
[ https://issues.apache.org/jira/browse/WW-5400?focusedWorklogId=922761&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-922761 ] ASF GitHub Bot logged work on WW-5400: -- Author: ASF GitHub Bot Created on: 10/Jun/24 06:02 Start Date: 10/Jun/24 06:02 Worklog Time Spent: 10m Work Description: lukaszlenart closed pull request #239: WW-5400 Documents how to use cspSettingsClassName parameter URL: https://github.com/apache/struts-site/pull/239 Issue Time Tracking --- Worklog Id: (was: 922761) Time Spent: 3h 40m (was: 3.5h) > CSP interceptor only allows very limited configuration > -- > > Key: WW-5400 > URL: https://issues.apache.org/jira/browse/WW-5400 > Project: Struts 2 > Issue Type: Improvement > Components: Core Interceptors >Affects Versions: 6.3.0 >Reporter: Erica Kane >Assignee: Lukasz Lenart >Priority: Major > Fix For: 6.5.0 > > Time Spent: 3h 40m > Remaining Estimate: 0h > > I have been trying to implement CSP on our website. The CSP interceptor > provides an elegant solution with the and tags. However, > I want to set my own base-uri. And perhaps make some other changes to the CSP > headers. > But these values are not accessible. Only the report-only and report-uri can > be changed. Even if one is willing to work at the Action level and implement > a new interface for all of them, I can't change the base-uri. I've seen > people on Stack Overflow disable it for this reason. I want to use it, but > could someone please explain how to set the base-uri globally? If not, I will > likely have to make my own. > P.S. I will update the documentation page. Nowhere in the description of the > interceptor does it mention the script and link tags, and without those, it > is useless! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5400) CSP interceptor only allows very limited configuration
[ https://issues.apache.org/jira/browse/WW-5400?focusedWorklogId=922758&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-922758 ] ASF GitHub Bot logged work on WW-5400: -- Author: ASF GitHub Bot Created on: 10/Jun/24 05:32 Start Date: 10/Jun/24 05:32 Worklog Time Spent: 10m Work Description: lukaszlenart opened a new pull request, #239: URL: https://github.com/apache/struts-site/pull/239 Refs [WW-5400](https://issues.apache.org/jira/browse/WW-5400) Issue Time Tracking --- Worklog Id: (was: 922758) Time Spent: 3.5h (was: 3h 20m) > CSP interceptor only allows very limited configuration > -- > > Key: WW-5400 > URL: https://issues.apache.org/jira/browse/WW-5400 > Project: Struts 2 > Issue Type: Improvement > Components: Core Interceptors >Affects Versions: 6.3.0 >Reporter: Erica Kane >Assignee: Lukasz Lenart >Priority: Major > Fix For: 6.5.0 > > Time Spent: 3.5h > Remaining Estimate: 0h > > I have been trying to implement CSP on our website. The CSP interceptor > provides an elegant solution with the and tags. However, > I want to set my own base-uri. And perhaps make some other changes to the CSP > headers. > But these values are not accessible. Only the report-only and report-uri can > be changed. Even if one is willing to work at the Action level and implement > a new interface for all of them, I can't change the base-uri. I've seen > people on Stack Overflow disable it for this reason. I want to use it, but > could someone please explain how to set the base-uri globally? If not, I will > likely have to make my own. > P.S. I will update the documentation page. Nowhere in the description of the > interceptor does it mention the script and link tags, and without those, it > is useless! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5400) CSP interceptor only allows very limited configuration
[ https://issues.apache.org/jira/browse/WW-5400?focusedWorklogId=922757&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-922757 ] ASF GitHub Bot logged work on WW-5400: -- Author: ASF GitHub Bot Created on: 10/Jun/24 05:32 Start Date: 10/Jun/24 05:32 Worklog Time Spent: 10m Work Description: lukaszlenart closed pull request #239: WW-5400 Documents how to use cspSettingsClassName parameter URL: https://github.com/apache/struts-site/pull/239 Issue Time Tracking --- Worklog Id: (was: 922757) Time Spent: 3h 20m (was: 3h 10m) > CSP interceptor only allows very limited configuration > -- > > Key: WW-5400 > URL: https://issues.apache.org/jira/browse/WW-5400 > Project: Struts 2 > Issue Type: Improvement > Components: Core Interceptors >Affects Versions: 6.3.0 >Reporter: Erica Kane >Assignee: Lukasz Lenart >Priority: Major > Fix For: 6.5.0 > > Time Spent: 3h 20m > Remaining Estimate: 0h > > I have been trying to implement CSP on our website. The CSP interceptor > provides an elegant solution with the and tags. However, > I want to set my own base-uri. And perhaps make some other changes to the CSP > headers. > But these values are not accessible. Only the report-only and report-uri can > be changed. Even if one is willing to work at the Action level and implement > a new interface for all of them, I can't change the base-uri. I've seen > people on Stack Overflow disable it for this reason. I want to use it, but > could someone please explain how to set the base-uri globally? If not, I will > likely have to make my own. > P.S. I will update the documentation page. Nowhere in the description of the > interceptor does it mention the script and link tags, and without those, it > is useless! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5400) CSP interceptor only allows very limited configuration
[ https://issues.apache.org/jira/browse/WW-5400?focusedWorklogId=922756&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-922756 ] ASF GitHub Bot logged work on WW-5400: -- Author: ASF GitHub Bot Created on: 10/Jun/24 05:28 Start Date: 10/Jun/24 05:28 Worklog Time Spent: 10m Work Description: lukaszlenart opened a new pull request, #239: URL: https://github.com/apache/struts-site/pull/239 Refs [WW-5400](https://issues.apache.org/jira/browse/WW-5400) Issue Time Tracking --- Worklog Id: (was: 922756) Time Spent: 3h 10m (was: 3h) > CSP interceptor only allows very limited configuration > -- > > Key: WW-5400 > URL: https://issues.apache.org/jira/browse/WW-5400 > Project: Struts 2 > Issue Type: Improvement > Components: Core Interceptors >Affects Versions: 6.3.0 >Reporter: Erica Kane >Assignee: Lukasz Lenart >Priority: Major > Fix For: 6.5.0 > > Time Spent: 3h 10m > Remaining Estimate: 0h > > I have been trying to implement CSP on our website. The CSP interceptor > provides an elegant solution with the and tags. However, > I want to set my own base-uri. And perhaps make some other changes to the CSP > headers. > But these values are not accessible. Only the report-only and report-uri can > be changed. Even if one is willing to work at the Action level and implement > a new interface for all of them, I can't change the base-uri. I've seen > people on Stack Overflow disable it for this reason. I want to use it, but > could someone please explain how to set the base-uri globally? If not, I will > likely have to make my own. > P.S. I will update the documentation page. Nowhere in the description of the > interceptor does it mention the script and link tags, and without those, it > is useless! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5400) CSP interceptor only allows very limited configuration
[ https://issues.apache.org/jira/browse/WW-5400?focusedWorklogId=922755&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-922755 ] ASF GitHub Bot logged work on WW-5400: -- Author: ASF GitHub Bot Created on: 10/Jun/24 05:28 Start Date: 10/Jun/24 05:28 Worklog Time Spent: 10m Work Description: lukaszlenart closed pull request #239: WW-5400 Documents how to use cspSettingsClassName parameter URL: https://github.com/apache/struts-site/pull/239 Issue Time Tracking --- Worklog Id: (was: 922755) Time Spent: 3h (was: 2h 50m) > CSP interceptor only allows very limited configuration > -- > > Key: WW-5400 > URL: https://issues.apache.org/jira/browse/WW-5400 > Project: Struts 2 > Issue Type: Improvement > Components: Core Interceptors >Affects Versions: 6.3.0 >Reporter: Erica Kane >Assignee: Lukasz Lenart >Priority: Major > Fix For: 6.5.0 > > Time Spent: 3h > Remaining Estimate: 0h > > I have been trying to implement CSP on our website. The CSP interceptor > provides an elegant solution with the and tags. However, > I want to set my own base-uri. And perhaps make some other changes to the CSP > headers. > But these values are not accessible. Only the report-only and report-uri can > be changed. Even if one is willing to work at the Action level and implement > a new interface for all of them, I can't change the base-uri. I've seen > people on Stack Overflow disable it for this reason. I want to use it, but > could someone please explain how to set the base-uri globally? If not, I will > likely have to make my own. > P.S. I will update the documentation page. Nowhere in the description of the > interceptor does it mention the script and link tags, and without those, it > is useless! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5400) CSP interceptor only allows very limited configuration
[ https://issues.apache.org/jira/browse/WW-5400?focusedWorklogId=922753&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-922753 ] ASF GitHub Bot logged work on WW-5400: -- Author: ASF GitHub Bot Created on: 10/Jun/24 05:10 Start Date: 10/Jun/24 05:10 Worklog Time Spent: 10m Work Description: lukaszlenart opened a new pull request, #239: URL: https://github.com/apache/struts-site/pull/239 Refs [WW-5400](https://issues.apache.org/jira/browse/WW-5400) Issue Time Tracking --- Worklog Id: (was: 922753) Time Spent: 2h 50m (was: 2h 40m) > CSP interceptor only allows very limited configuration > -- > > Key: WW-5400 > URL: https://issues.apache.org/jira/browse/WW-5400 > Project: Struts 2 > Issue Type: Improvement > Components: Core Interceptors >Affects Versions: 6.3.0 >Reporter: Erica Kane >Assignee: Lukasz Lenart >Priority: Major > Fix For: 6.5.0 > > Time Spent: 2h 50m > Remaining Estimate: 0h > > I have been trying to implement CSP on our website. The CSP interceptor > provides an elegant solution with the and tags. However, > I want to set my own base-uri. And perhaps make some other changes to the CSP > headers. > But these values are not accessible. Only the report-only and report-uri can > be changed. Even if one is willing to work at the Action level and implement > a new interface for all of them, I can't change the base-uri. I've seen > people on Stack Overflow disable it for this reason. I want to use it, but > could someone please explain how to set the base-uri globally? If not, I will > likely have to make my own. > P.S. I will update the documentation page. Nowhere in the description of the > interceptor does it mention the script and link tags, and without those, it > is useless! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5250) Address TODO in DefaultActionValidatorManagerTest
[
https://issues.apache.org/jira/browse/WW-5250?focusedWorklogId=922752&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-922752
]
ASF GitHub Bot logged work on WW-5250:
--
Author: ASF GitHub Bot
Created on: 10/Jun/24 05:03
Start Date: 10/Jun/24 05:03
Worklog Time Spent: 10m
Work Description: lukaszlenart merged PR #957:
URL: https://github.com/apache/struts/pull/957
Issue Time Tracking
---
Worklog Id: (was: 922752)
Time Spent: 0.5h (was: 20m)
> Address TODO in DefaultActionValidatorManagerTest
> -
>
> Key: WW-5250
> URL: https://issues.apache.org/jira/browse/WW-5250
> Project: Struts 2
> Issue Type: Improvement
> Components: Core, Unit Tests, XML Validators
>Reporter: Lukasz Lenart
>Assignee: Lukasz Lenart
>Priority: Minor
> Fix For: 6.5.0
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> There is a TODO which should be addressed:
> {noformat}
> // TODO: this all need to be converted to real unit tests
> {noformat}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Resolved] (WW-5250) Address TODO in DefaultActionValidatorManagerTest
[
https://issues.apache.org/jira/browse/WW-5250?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Lukasz Lenart resolved WW-5250.
---
Resolution: Fixed
> Address TODO in DefaultActionValidatorManagerTest
> -
>
> Key: WW-5250
> URL: https://issues.apache.org/jira/browse/WW-5250
> Project: Struts 2
> Issue Type: Improvement
> Components: Core, Unit Tests, XML Validators
>Reporter: Lukasz Lenart
>Assignee: Lukasz Lenart
>Priority: Minor
> Fix For: 6.5.0
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> There is a TODO which should be addressed:
> {noformat}
> // TODO: this all need to be converted to real unit tests
> {noformat}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Work logged] (WW-5400) CSP interceptor only allows very limited configuration
[ https://issues.apache.org/jira/browse/WW-5400?focusedWorklogId=922751&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-922751 ] ASF GitHub Bot logged work on WW-5400: -- Author: ASF GitHub Bot Created on: 10/Jun/24 05:02 Start Date: 10/Jun/24 05:02 Worklog Time Spent: 10m Work Description: lukaszlenart merged PR #956: URL: https://github.com/apache/struts/pull/956 Issue Time Tracking --- Worklog Id: (was: 922751) Time Spent: 2h 40m (was: 2.5h) > CSP interceptor only allows very limited configuration > -- > > Key: WW-5400 > URL: https://issues.apache.org/jira/browse/WW-5400 > Project: Struts 2 > Issue Type: Improvement > Components: Core Interceptors >Affects Versions: 6.3.0 >Reporter: Erica Kane >Assignee: Lukasz Lenart >Priority: Major > Fix For: 6.5.0 > > Time Spent: 2h 40m > Remaining Estimate: 0h > > I have been trying to implement CSP on our website. The CSP interceptor > provides an elegant solution with the and tags. However, > I want to set my own base-uri. And perhaps make some other changes to the CSP > headers. > But these values are not accessible. Only the report-only and report-uri can > be changed. Even if one is willing to work at the Action level and implement > a new interface for all of them, I can't change the base-uri. I've seen > people on Stack Overflow disable it for this reason. I want to use it, but > could someone please explain how to set the base-uri globally? If not, I will > likely have to make my own. > P.S. I will update the documentation page. Nowhere in the description of the > interceptor does it mention the script and link tags, and without those, it > is useless! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (WW-5400) CSP interceptor only allows very limited configuration
[ https://issues.apache.org/jira/browse/WW-5400?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart resolved WW-5400. --- Resolution: Fixed > CSP interceptor only allows very limited configuration > -- > > Key: WW-5400 > URL: https://issues.apache.org/jira/browse/WW-5400 > Project: Struts 2 > Issue Type: Improvement > Components: Core Interceptors >Affects Versions: 6.3.0 >Reporter: Erica Kane >Assignee: Lukasz Lenart >Priority: Major > Fix For: 6.5.0 > > Time Spent: 2h 40m > Remaining Estimate: 0h > > I have been trying to implement CSP on our website. The CSP interceptor > provides an elegant solution with the and tags. However, > I want to set my own base-uri. And perhaps make some other changes to the CSP > headers. > But these values are not accessible. Only the report-only and report-uri can > be changed. Even if one is willing to work at the Action level and implement > a new interface for all of them, I can't change the base-uri. I've seen > people on Stack Overflow disable it for this reason. I want to use it, but > could someone please explain how to set the base-uri globally? If not, I will > likely have to make my own. > P.S. I will update the documentation page. Nowhere in the description of the > interceptor does it mention the script and link tags, and without those, it > is useless! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5423) Query Parameters in Multipart Requests not working in v7 M6
[
https://issues.apache.org/jira/browse/WW-5423?focusedWorklogId=922750&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-922750
]
ASF GitHub Bot logged work on WW-5423:
--
Author: ASF GitHub Bot
Created on: 10/Jun/24 05:02
Start Date: 10/Jun/24 05:02
Worklog Time Spent: 10m
Work Description: lukaszlenart merged PR #954:
URL: https://github.com/apache/struts/pull/954
Issue Time Tracking
---
Worklog Id: (was: 922750)
Time Spent: 40m (was: 0.5h)
> Query Parameters in Multipart Requests not working in v7 M6
> ---
>
> Key: WW-5423
> URL: https://issues.apache.org/jira/browse/WW-5423
> Project: Struts 2
> Issue Type: Bug
>Affects Versions: 7.0.0
>Reporter: Philip Crider
>Priority: Major
> Fix For: 7.0.0
>
> Time Spent: 40m
> Remaining Estimate: 0h
>
> One of the changes in [https://github.com/apache/struts/pull/861] broke query
> parameters in multipart requests. Their values are being lost.
> This is the old implementation, which returns null if the parameter doesn't
> exist.
> {code:java}
> public String[] getParameterValues(String name) {
> List v = params.get(name);
> if (v != null && !v.isEmpty()) {
> return v.toArray(new String[0]);
> }
> return null;
> } {code}
>
> And this is the new implementation, which returns an empty array in that case.
> {code:java}
> public String[] getParameterValues(String name) {
> return parameters.getOrDefault(name, Collections.emptyList())
> .toArray(String[]::new);
> }{code}
>
> This method in MultiPartRequestWrapper is expecting null to be returned in
> that case.
> {code:java}
> public String[] getParameterValues(String name) {
> return ((multi == null) || (multi.getParameterValues(name) == null)) ?
> super.getParameterValues(name) : multi.getParameterValues(name);
> }{code}
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Resolved] (WW-5423) Query Parameters in Multipart Requests not working in v7 M6
[
https://issues.apache.org/jira/browse/WW-5423?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Lukasz Lenart resolved WW-5423.
---
Resolution: Fixed
> Query Parameters in Multipart Requests not working in v7 M6
> ---
>
> Key: WW-5423
> URL: https://issues.apache.org/jira/browse/WW-5423
> Project: Struts 2
> Issue Type: Bug
>Affects Versions: 7.0.0
>Reporter: Philip Crider
>Priority: Major
> Fix For: 7.0.0
>
> Time Spent: 40m
> Remaining Estimate: 0h
>
> One of the changes in [https://github.com/apache/struts/pull/861] broke query
> parameters in multipart requests. Their values are being lost.
> This is the old implementation, which returns null if the parameter doesn't
> exist.
> {code:java}
> public String[] getParameterValues(String name) {
> List v = params.get(name);
> if (v != null && !v.isEmpty()) {
> return v.toArray(new String[0]);
> }
> return null;
> } {code}
>
> And this is the new implementation, which returns an empty array in that case.
> {code:java}
> public String[] getParameterValues(String name) {
> return parameters.getOrDefault(name, Collections.emptyList())
> .toArray(String[]::new);
> }{code}
>
> This method in MultiPartRequestWrapper is expecting null to be returned in
> that case.
> {code:java}
> public String[] getParameterValues(String name) {
> return ((multi == null) || (multi.getParameterValues(name) == null)) ?
> super.getParameterValues(name) : multi.getParameterValues(name);
> }{code}
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
