[jira] [Updated] (WICKET-7107) CSP Header not rendered when using RedirectPolicy.AUTO_REDIRECT

Thu, 25 Apr 2024 09:39:06 -0700 


     [ 
https://issues.apache.org/jira/browse/WICKET-7107?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Dirk Forchel updated WICKET-7107:
---------------------------------
    Description: 
If we redirect to another Web Page and use the RedirectPolicy.AUTO_REDIRECT, 
this results in the CSP directives being missing in the head of the result page.

I've attached a quickstart application to show the error. Just browse to 
[http://localhost:8080/redirect|http://localhost:8080/redirect.] and use the 
browser's developer console of your choice. The CSP is not included if Wicket 
performs a RestartResponseException with a WebPage instance like this
{code:java}
throw new RestartResponseException(new HomePage(new PageParameters()));{code}
If you open the home page directly 
[http://localhost:8080/|http://localhost:8080/redirect.] the response does 
include a CSP.

There is an additional test for the CSPRequestCycleListener with different page 
classes as test parameters.

Relates to https://issues.apache.org/jira/browse/WICKET-7028

  was:
If we redirect to another Web Page and use the RedirectPolicy.AUTO_REDIRECT, 
this results in the CSP directives being missing in the head of the result page.

I've attached a Quickstart with the use-case (see RedirectPage.java) and an 
additional Test for the CSPRequestCycleListener with different page classes as 
test parameters.

Relates to https://issues.apache.org/jira/browse/WICKET-7028


> CSP Header not rendered when using RedirectPolicy.AUTO_REDIRECT
> ---------------------------------------------------------------
>
>                 Key: WICKET-7107
>                 URL: https://issues.apache.org/jira/browse/WICKET-7107
>             Project: Wicket
>          Issue Type: Bug
>          Components: wicket-core
>    Affects Versions: 9.16.0
>            Reporter: Dirk Forchel
>            Priority: Major
>         Attachments: myproject.zip
>
>
> If we redirect to another Web Page and use the RedirectPolicy.AUTO_REDIRECT, 
> this results in the CSP directives being missing in the head of the result 
> page.
> I've attached a quickstart application to show the error. Just browse to 
> [http://localhost:8080/redirect|http://localhost:8080/redirect.] and use the 
> browser's developer console of your choice. The CSP is not included if Wicket 
> performs a RestartResponseException with a WebPage instance like this
> {code:java}
> throw new RestartResponseException(new HomePage(new PageParameters()));{code}
> If you open the home page directly 
> [http://localhost:8080/|http://localhost:8080/redirect.] the response does 
> include a CSP.
> There is an additional test for the CSPRequestCycleListener with different 
> page classes as test parameters.
> Relates to https://issues.apache.org/jira/browse/WICKET-7028



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to