Class ResourceIsolationRequestCycleListener

java.lang.Object
org.apache.wicket.protocol.http.ResourceIsolationRequestCycleListener
All Implemented Interfaces:
IRequestCycleListener
Direct Known Subclasses:
WebSocketAwareResourceIsolationRequestCycleListener

This RequestCycle listener ensures resource isolation, adding a layer of protection for modern browsers that prevent Cross-Site Request Forgery attacks.

It uses the FetchMetadataResourceIsolationPolicy and OriginResourceIsolationPolicy by default and can be customized with additional IResourceIsolationPolicys.

URL paths that are intended to be used cross-site can be excempted from these policies.

Learn more about Fetch Metadata and resource isolation at https://web.dev/fetch-metadata/

Author:
Santiago Diaz - saldiaz@google.com, Ecenaz Jen Ozmen - ecenazo@google.com