Issue
I am trying wicket with spring-boot integration and I am trying to simply add a stylesheet to a very simple page. So I placed the stylesheet in resources/static/css
as usual in Spring-boot and in fact, I see it is served (by pointing to CSS URL).
On the other side, I did not see in the sources (Ctrl+Shift+I in Chrome), so I checked the browser log and found the following error:
Refused to load the stylesheet 'http://localhost:8080/css/custom.css' because it violates the following Content Security Policy directive: "style-src 'none-...."
I have NOT enabled Spring Security because I am still trying to understand how Wicket works, but if needed I can do it.
Can anybody suggest a solution? Thanks.
Solution
This is caused by Wicket's CSP (Content Security Policy).
You can disable it by adding the following line in YourApplication#init()
method:
getCspSettings().blocking().disabled();
You will have to read some more about CSP if you want to re-enable it.
Answered By - martin-g