WICKET-7107 improved BaseWicketTester#WicketTesterServletWebResponse #846
Conversation
|
ResetResponseException$ResponseResettingDecorator#respond(RequestCycle) calls reset() on the response object. The current implementation in BaseWicketTester$WicketTesterServletWebResponse does nothing which is not representative of the implementation in BufferedWebResponse or ServletWebResponse. I therefore added the clearing of cookies and headers which makes the tests fail. |
|
I replaced CSPRequestCycleListener#onRequestHandlerResolved and CSPRequestCycleListener#onRequestHandlerExecuted with onUrlMapped which fixes the tests. Is this a good idea? |
There was a problem hiding this comment.
I'm not sure this is the way to go. This seems to fix a previous ISSUE
https://issues.apache.org/jira/browse/WICKET-7028
But this I had to check by manual testing. IMHO, we should not invest more time on fixing corner cases and invest some time doing
|
|
||
| @Override | ||
| public void onRequestHandlerExecuted(RequestCycle cycle, IRequestHandler handler) | ||
| public void onUrlMapped(RequestCycle cycle, IRequestHandler handler, Url url) |
There was a problem hiding this comment.
I have tried this change with
https://issues.apache.org/jira/browse/WICKET-7028
sample application and this change seems to be Ok. But to be honest I'm not sure this is the way we should go. See
There was a problem hiding this comment.
WICKET-7040 is never going to work, I think. Due to ajax requests, components can be instantiated long after the original page has been created and long after the original CSP has been sent to the browser. Additional CPSs could be delivered to the client as meta tags but weakening the original CSP is not allowed ( https://www.w3.org/TR/CSP3/#multiple-policies ). Therefore the strictest possible set of policies has to be known before the page is rendered.
WicketTesterServletWebResponse does implement IMetaDataBufferingWebResponse but fails to buffer header data. Headers are therefore lost in some cases. I took the provided test from WICKET-7107 and reduced it to the minimum required to demonstrate the issue. I also added the header buffering to BaseWicketTester#WicketTesterServletWebResponse.
I believe that this is an improvement but it ultimately falls short of actually testing wicket core functionality. It only tests the test infrastructure. Also, WICKET-7107 is still valid. In the quick start, the buffered response sent after the redirect does not contain the CSP header.