[WICKET-7107] CSP Header not rendered when using RedirectPolicy.AUTO_REDIRECT - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 9.16.0
Fix Version/s: None
Component/s: wicket-core
Labels:
None

Description

If we redirect to another Web Page and use the RedirectPolicy.AUTO_REDIRECT, this results in the CSP directives being missing in the head of the result page.

I've attached a quickstart application to show the error. Just browse to http://localhost:8080/redirect and use the browser's developer console of your choice. The CSP is not included if Wicket performs a RestartResponseException with a WebPage instance like this

throw new RestartResponseException(new HomePage(new PageParameters()));

If you open the home page directly http://localhost:8080/ the response does include a CSP.

There is an additional test for the CSPRequestCycleListener with different page classes as test parameters.

Relates to https://issues.apache.org/jira/browse/WICKET-7028

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

myproject.zip
23/Apr/24 10:12
38 kB
Dirk Forchel

Issue Links

relates to

WICKET-7028 CSP header not rendered when using RedirectPolicy.NEVER_REDIRECT

Resolved

links to

GitHub Pull Request #846

Activity

People

Assignee:: Unassigned

Reporter:: Dirk Forchel

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 23/Apr/24 10:13

Updated:: 23/May/24 09:48