This is an automated email from the ASF dual-hosted git repository.

svenmeier pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/wicket.git


The following commit(s) were added to refs/heads/master by this push:
     new 6b40bf6  Fix minor typo ("thrid" -> "third")
6b40bf6 is described below

commit 6b40bf640a56a4aedae935a8527a0778949c399f
Author: Sven Haster <buurman.s...@gmail.com>
AuthorDate: Thu Aug 27 16:04:27 2020 +0200

    Fix minor typo ("thrid" -> "third")
    
    This closes #445
    
    Signed-off-by: Sven Meier <svenme...@apache.org>
---
 wicket-user-guide/src/main/asciidoc/security/security_6.adoc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wicket-user-guide/src/main/asciidoc/security/security_6.adoc 
b/wicket-user-guide/src/main/asciidoc/security/security_6.adoc
index d770f67..8d0f168 100644
--- a/wicket-user-guide/src/main/asciidoc/security/security_6.adoc
+++ b/wicket-user-guide/src/main/asciidoc/security/security_6.adoc
@@ -33,7 +33,7 @@ As mentioned before, Wicket uses a very strict CSP by 
default. This preset can b
   getCspSettings().blocking().strict();
 ----
 
-A thrid preset is available that allows unsafe inline Javascript and styling 
and the use of unsafe _eval_. As can be inferred from the names, use of 
_unsafe_ is not recommended. It removes the most important protection offered 
by CSP. However, older applications may not be ready to apply a strict CSP. For 
those applications, _CSPHeaderConfiguration.unsafeInline()_ can be a starting 
point for the path to a strict CSP.
+A third preset is available that allows unsafe inline Javascript and styling 
and the use of unsafe _eval_. As can be inferred from the names, use of 
_unsafe_ is not recommended. It removes the most important protection offered 
by CSP. However, older applications may not be ready to apply a strict CSP. For 
those applications, _CSPHeaderConfiguration.unsafeInline()_ can be a starting 
point for the path to a strict CSP.
 
 _CSPHeaderConfiguration_ defines several methods to tune the Content Security 
Policy for your application. Additional sources can be whitelisted for certain 
via the _add(CSPDirective, ...)_ methods. For example, the code below 
whitelists images rendered via a _data:_ url, fonts loaded from 
_https://maxcdn.bootstrapcdn.com_ and a single CSS file.
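Review bot: The added line still spells the language "Javascript" ("allows unsafe inline Javascript and styling"); since this commit touches the sentence for a spelling fix, change it to "JavaScript" in the same pass. The trailing context paragraph also reads "Additional sources can be whitelisted for certain via the _add(CSPDirective, ...)_ methods", which is missing a noun after "certain" (presumably "directives", given the _CSPDirective_ parameter), so that is worth correcting here or in a follow-up. Because the preset named in this paragraph, _CSPHeaderConfiguration.unsafeInline()_, also permits unsafe _eval_ according to the sentence itself, consider stating that explicitly next to the method name so readers do not assume from the name that only inline script and style are relaxed.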
 
