Description
Short Description:
CryptoMapper encrypts links to resources with URLs of the form:
- http://domain/path/script.js
- /local/absolute/path/script.js
Additionally there might be some inconsistencies in handling URLs in instances of ResourceReference.
The problem occurs when JavaScript resources are included in the following way:
@Override
public void renderHead(IHeaderResponse response)
{
super.renderHead(response);
UrlResourceReference reference = new UrlResourceReference(Url.parse("http://domain/path/script.js"));
response.render(reference);
}
The resulting JavaScript links can't be loaded (404 is returned) when CryptoMapper is used.
This is a minor problem, because the following always works for JavaScript files not served by Wicket ("external JavaScript files"):
response.render(new StringHeaderItem("<script type=\"text/javascript\" src=\"//domain/myPath/manual.js\"></script>");
Ways to reproduce:
A code example for wicket-examples is attached (example.zip)
Local URLs:
http://localhost:8080/enc/index
http://localhost:8080/unenc/index
Possible fix:
- disable encryption for URLs beginning with '/', '<schema>://' and '//' and not served/filtered by Wicket
(
- define different reference classes for external files and files served/filtered by Wicket, issue warnings when a wrong URL type is supplied by the user or treat URLs beginning with '/', '<schema>://' and '//' differently
)
Thank you