Uploaded image for project: 'ZK'
  1. ZK
  2. ZK-4564

split zkau servlet into dedicated au and resource servlets

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: 9.0.1
    • Fix Version/s: 9.5.0
    • Component/s: ZK Update Engine
    • Security Level: Jimmy
    • Labels:
      None

      Description

      Current Situation

      The DHtmlUpdateServlet handles both resources and ajax updates at the same time.
      This makes it sometimes challenging to provide a strict/clear security configuration, trying to distinguish between executed code and more static resources.
      e.g.:

      https://github.com/zkoss/zkspringboot/blob/master/zkspringboot-demos/zkspringboot-security-demo/src/main/java/org/zkoss/zkspringboot/security/WebSecurityConfig.java#L22-L27

      Expected Result

      Consider an optional way to define, dedicated/separate endpoint servlets separating between dynamic au requests and static resources.
      This can simplify security configuration and improve the distributed resource configuration approach (https://www.zkoss.org/wiki/ZK%20Developer's%20Reference/Performance%20Tips/Load%20JavaScript%20and%20CSS%20from%20Server%20Nearby)

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              DevChu DevChu
              Reporter:
              cor3000 cor3000
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: