Uploaded image for project: 'Wicket'
  1. Wicket
  2. WICKET-5319

CryptoMapper encrypts external URLs in ResourceReferences making the resources inaccessible

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 6.9.1
    • 6.11.0, 7.0.0-M1
    • None
    • None
    • Linux

    Description

      Short Description:

      CryptoMapper encrypts links to resources with URLs of the form:

      Additionally there might be some inconsistencies in handling URLs in instances of ResourceReference.

      The problem occurs when JavaScript resources are included in the following way:

      @Override
      public void renderHead(IHeaderResponse response)
      {
      super.renderHead(response);

      UrlResourceReference reference = new UrlResourceReference(Url.parse("http://domain/path/script.js"));
      response.render(reference);
      }

      The resulting JavaScript links can't be loaded (404 is returned) when CryptoMapper is used.

      This is a minor problem, because the following always works for JavaScript files not served by Wicket ("external JavaScript files"):

      response.render(new StringHeaderItem("<script type=\"text/javascript\" src=\"//domain/myPath/manual.js\"></script>");

      Ways to reproduce:

      A code example for wicket-examples is attached (example.zip)
      Local URLs:
      http://localhost:8080/enc/index
      http://localhost:8080/unenc/index

      Possible fix:

      • disable encryption for URLs beginning with '/', '<schema>://' and '//' and not served/filtered by Wicket

      (

      • define different reference classes for external files and files served/filtered by Wicket, issue warnings when a wrong URL type is supplied by the user or treat URLs beginning with '/', '<schema>://' and '//' differently
        )

      Thank you

      Attachments

        1. 5319.tar.gz
          19 kB
          Walter B. Rasmann

        Activity

          People

            svenmeier Sven Meier
            wicket.x.ttp Walter B. Rasmann
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: