Here's a list of the most noteworthy things in the RAP 3.21 release which is available for download since June 15, 2022.
We added the ability to set a Content Security Policy (a string with directives) to the RAP
application. The implementation is based on the script nonce
attribute, whereby
only allowed scripts are executed.
Content-Security-Policy: script-src 'nonce-2726c7f26c'
A dynamically generated nonce value will be added at runtime. Use 'nonce-'
in your script-src
directive. Example of a CSP:
script-src 'strict-dynamic' 'nonce-' http: https:; object-src 'none'; base-uri 'none';
For a workbench application, the CSP can be set in a new csp
attribute of the
entrypoint
extension in plugin.xml
. In other cases, use the new
org.eclipse.rap.rwt.client.WebClient.CSP
property when defining an entrypoint
in the ApplicationConfiguration
.
public class MyApplication implements ApplicationConfiguration {
public void configure( Application application ) {
Map
Note: Without 'unsafe-eval'
in your CSP script-src
directive, the following RAP features will not work:
Two major changes to the JavaScript client have been introduced. The UI and server push requests
now use fetch
instead of XHR. This allows us to intercept and process the redirect
requests by the framwork. In order to support strict CSP, the property system of the JavaScript client
has been reworked to eliminate the places where JavaScript is generated from strings.
The Eclipse RAP project is now using GitHub for source code and issue tracking instead of Gerrit and Bugzilla.
Instead of Gerrit, we will do our development via GitHub from now on. Under the new
Eclipse RAP organisation, the previous Git
repositories with all branches and tags can now be found there, whereby the main development
is now done in the main
instead of the master
branch. The old
Gerrit repositories will remain in read-only mode and will no longer be updated.
The same applies to issue tracking: For our future work we will use GitHub issues only. Old bugs remain in Bugzilla, but new ones should only be created as GitHub issues for the Eclipse RAP projects.
All relevant build jobs have been updated, our dedicated Jenkins instance remains the same as before.
To assist you with the migration from RAP 2.x (or 1.x) to 3.0, we provide a migration guide.