Posted to users@tapestry.apache.org by Ryon Day <ry...@yahoo.com> on 2012/08/07 20:56:53 UTC

[T5]: BUG: Proxy Situation: Tapestry 5.3.3 Not Respecting isSecure for Form Action URL

Set-Up:
* My F5 BIG-IP set up in an SSL-offloading situation. All client communication to the BIG-IP is HTTPS, while the BIG-IP device communicates to Tomcat (Tapestry) via HTTP.
* Tapestry is running on Tomcat 6.latest in production mode.
* In the web app I have the Xebia Servlet-Extras (http://code.google.com/p/xebia-france/wiki/XebiaServletExtras):
  * x-forwarded-for is set using the F5 device
  * x-forwarded-proto is set using the F5 device
* Result: isSecure is true for Tapestry using the default "BaseURLSourceImpl". All links are sent back to the client box using https:// instead of http://. This works awesome! All images are loading great, and life is good except...

Tapestry is rendering form actions in the pages sent to the client browser with http:// instead of https://. Obviously this makes no sense since the BaseURLSource is returning https. Does Tapestry not use the BaseURLSource to decide the action URLs for form components? Currently, my only idea has to do with writing a filthy hack that adds some sort of servletrequest injection to my page classes and then sets the "secure=" option in the form component in the .TML based on isSecure(). Since this is a proxy situation, I need to have Tapestry handle traffic via http but return action links that are https or, at the very least, relative to the current URL.

Has anyone used Tapestry in a similar configuration before? 

P.S: There was a similar thread back in April on this list (http://tapestry.1045711.n5.nabble.com/URL-writing-problem-with-production-mode-true-td5628619.html) but the discussion sadly petered out without addressing the original issue, which appears to be a bug in the action URL rendering logic. I am currently plumbing the depths of the Tapestry code to find out exactly where this odd behavior comes from. I am more than happy to submit a patch if I discover what is up here!

Thanks for any help. I am more than happy to supply any other needed information to diagnose or to submit a JIRA.

Ryon Day
