This is an automated email from the ASF dual-hosted git repository. svenmeier pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/wicket.git
The following commit(s) were added to refs/heads/master by this push:
     new 6b40bf6  Fix minor typo ("thrid" -> "third")
6b40bf6 is described below

commit 6b40bf640a56a4aedae935a8527a0778949c399f
Author: Sven Haster <buurman.s...@gmail.com>
AuthorDate: Thu Aug 27 16:04:27 2020 +0200

    Fix minor typo ("thrid" -> "third")

    This closes #445

    Signed-off-by: Sven Meier <svenme...@apache.org>
---
 wicket-user-guide/src/main/asciidoc/security/security_6.adoc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wicket-user-guide/src/main/asciidoc/security/security_6.adoc b/wicket-user-guide/src/main/asciidoc/security/security_6.adoc
index d770f67..8d0f168 100644
--- a/wicket-user-guide/src/main/asciidoc/security/security_6.adoc
+++ b/wicket-user-guide/src/main/asciidoc/security/security_6.adoc
@@ -33,7 +33,7 @@ As mentioned before, Wicket uses a very strict CSP by default. This preset can b getCspSettings().blocking().strict(); ---- -A thrid preset is available that allows unsafe inline Javascript and styling and the use of unsafe _eval_. As can be inferred from the names, use of _unsafe_ is not recommended. It removes the most important protection offered by CSP. However, older applications may not be ready to apply a strict CSP. For those applications, _CSPHeaderConfiguration.unsafeInline()_ can be a starting point for the path to a strict CSP. +A third preset is available that allows unsafe inline Javascript and styling and the use of unsafe _eval_. As can be inferred from the names, use of _unsafe_ is not recommended. It removes the most important protection offered by CSP. However, older applications may not be ready to apply a strict CSP. For those applications, _CSPHeaderConfiguration.unsafeInline()_ can be a starting point for the path to a strict CSP. _CSPHeaderConfiguration_ defines several methods to tune the Content Security Policy for your application. Additional sources can be whitelisted for certain via the _add(CSPDirective, ...)_ methods. For example, the code below whitelists images rendered via a _data:_ url, fonts loaded from _https://maxcdn.bootstrapcdn.com_ and a single CSS file.
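Review bot: the trailing context line of this hunk still reads "Additional sources can be whitelisted for certain via the _add(CSPDirective, ...)_ methods", where "for certain" has lost its noun; since this commit is a typo fix in the same paragraph, that phrase should be completed here as well (the CSPDirective argument suggests "for certain directives", but the author should confirm the intended word). The changed line also keeps "Javascript" where "JavaScript" is the usual spelling. One consistency point for the same line: the strict preset just above is shown as a call, getCspSettings().blocking().strict(), while the unsafe preset is only named as _CSPHeaderConfiguration.unsafeInline()_; showing it in the same call form would make it clearer to readers which setting weakens the policy and what to search for when auditing an application's CSP configuration.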