You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tapestry.apache.org by hl...@apache.org on 2010/10/21 01:45:11 UTC

svn commit: r1025791 - /tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/corelib/components/Form.java

Author: hlship
Date: Wed Oct 20 23:45:11 2010
New Revision: 1025791

URL: http://svn.apache.org/viewvc?rev=1025791&view=rev
Log:
TAP5-874: Form component should be able to render a secure URL even on an insecure page

Modified:
    tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/corelib/components/Form.java

Modified: tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/corelib/components/Form.java
URL: http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/corelib/components/Form.java?rev=1025791&r1=1025790&r2=1025791&view=diff
==============================================================================
--- tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/corelib/components/Form.java (original)
+++ tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/corelib/components/Form.java Wed Oct 20 23:45:11 2010
@@ -191,6 +191,16 @@ public class Form implements ClientEleme
     private String zone;
 
     /**
+     * If true, then the Form's action will be secure (using an absolute URL with the HTTPs scheme) regardless
+     * of whether the containing page itself is secure or not. This parameter does nothing
+     * when {@linkplain SymbolConstants#SECURE_ENABLED security is disabled} (which is often
+     * the case in development mode). This only affects how the Form's action attribute is rendered, there is
+     * not (currently) a check that the form is actually submitted securely.
+     */
+    @Parameter
+    private boolean secure;
+
+    /**
      * Prefix value used when searching for validation messages and constraints.
      * The default is the Form component's
      * id. This is overridden by {@link org.apache.tapestry5.corelib.components.BeanEditForm}.
@@ -238,6 +248,10 @@ public class Form implements ClientEleme
     @Persist(PersistenceConstants.FLASH)
     private ValidationTracker defaultTracker;
 
+    @Inject
+    @Symbol(SymbolConstants.SECURE_ENABLED)
+    private boolean secureEnabled;
+
     private InternalFormSupport formSupport;
 
     private Element form;
@@ -354,6 +368,8 @@ public class Form implements ClientEleme
     {
         Link link = resources.createFormEventLink(EventConstants.ACTION, context);
 
+        String actionURL = secure && secureEnabled ? link.toAbsoluteURI(true) : link.toURI();
+
         actionSink = new ComponentActionSink(logger, clientDataEncoder);
 
         clientId = javascriptSupport.allocateClientId(resources);
@@ -394,7 +410,7 @@ public class Form implements ClientEleme
         // Save the form element for later, in case we want to write an encoding
         // type attribute.
 
-        form = writer.element("form", "id", clientId, "method", "post", "action", link);
+        form = writer.element("form", "id", clientId, "method", "post", "action", actionURL);
 
         if ((zone != null || clientValidation) && !request.isXHR())
             writer.attributes("onsubmit", MarkupConstants.WAIT_FOR_PAGE);