Uploaded image for project: 'ZK'
  1. ZK
  2. ZK-4564

split zkau servlet into dedicated au and resource servlets

XMLWordPrintable

    • Icon: New Feature New Feature
    • Resolution: Fixed
    • Icon: Normal Normal
    • 9.5.0
    • 9.0.1
    • ZK Update Engine
    • Security Level: Jimmy
    • None
    • None

      Current Situation

      The DHtmlUpdateServlet handles both resources and ajax updates at the same time.
      This makes it sometimes challenging to provide a strict/clear security configuration, trying to distinguish between executed code and more static resources.
      e.g.:

      https://github.com/zkoss/zkspringboot/blob/master/zkspringboot-demos/zkspringboot-security-demo/src/main/java/org/zkoss/zkspringboot/security/WebSecurityConfig.java#L22-L27

      Expected Result

      Consider an optional way to define, dedicated/separate endpoint servlets separating between dynamic au requests and static resources.
      This can simplify security configuration and improve the distributed resource configuration approach (https://www.zkoss.org/wiki/ZK%20Developer's%20Reference/Performance%20Tips/Load%20JavaScript%20and%20CSS%20from%20Server%20Nearby)

            DevChu DevChu
            cor3000 cor3000
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: