Wicket
  1. Wicket
  2. WICKET-5319

CryptoMapper encrypts external URLs in ResourceReferences making the resources inaccessible

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 6.9.1
    • Fix Version/s: 6.11.0, 7.0.0-M1
    • Component/s: None
    • Labels:
      None
    • Environment:
      Linux

      Description

      Short Description:

      CryptoMapper encrypts links to resources with URLs of the form:

      Additionally there might be some inconsistencies in handling URLs in instances of ResourceReference.

      The problem occurs when JavaScript resources are included in the following way:

      @Override
      public void renderHead(IHeaderResponse response)

      { super.renderHead(response); UrlResourceReference reference = new UrlResourceReference(Url.parse("http://domain/path/script.js")); response.render(reference); }

      The resulting JavaScript links can't be loaded (404 is returned) when CryptoMapper is used.

      This is a minor problem, because the following always works for JavaScript files not served by Wicket ("external JavaScript files"):

      response.render(new StringHeaderItem("<script type=\"text/javascript\" src=\"//domain/myPath/manual.js\"></script>");

      Ways to reproduce:

      A code example for wicket-examples is attached (example.zip)
      Local URLs:
      http://localhost:8080/enc/index
      http://localhost:8080/unenc/index

      Possible fix:

      • disable encryption for URLs beginning with '/', '<schema>://' and '//' and not served/filtered by Wicket

      (

      • define different reference classes for external files and files served/filtered by Wicket, issue warnings when a wrong URL type is supplied by the user or treat URLs beginning with '/', '<schema>://' and '//' differently
        )

      Thank you

      1. 5319.tar.gz
        19 kB
        Walter B. Rasmann

        Activity

          People

          • Assignee:
            Sven Meier
            Reporter:
            Walter B. Rasmann
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development