You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tapestry.apache.org by hl...@apache.org on 2010/10/21 01:45:11 UTC
svn commit: r1025791 -
/tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/corelib/components/Form.java
Author: hlship
Date: Wed Oct 20 23:45:11 2010
New Revision: 1025791
URL: http://svn.apache.org/viewvc?rev=1025791&view=rev
Log:
TAP5-874: Form component should be able to render a secure URL even on an insecure page
Modified:
tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/corelib/components/Form.java
Modified: tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/corelib/components/Form.java
URL: http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/corelib/components/Form.java?rev=1025791&r1=1025790&r2=1025791&view=diff
==============================================================================
--- tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/corelib/components/Form.java (original)
+++ tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/corelib/components/Form.java Wed Oct 20 23:45:11 2010
@@ -191,6 +191,16 @@ public class Form implements ClientEleme
private String zone;
/**
+ * If true, then the Form's action will be secure (using an absolute URL with the HTTPs scheme) regardless
+ * of whether the containing page itself is secure or not. This parameter does nothing
+ * when {@linkplain SymbolConstants#SECURE_ENABLED security is disabled} (which is often
+ * the case in development mode). This only affects how the Form's action attribute is rendered, there is
+ * not (currently) a check that the form is actually submitted securely.
+ */
+ @Parameter
+ private boolean secure;
+
+ /**
* Prefix value used when searching for validation messages and constraints.
* The default is the Form component's
* id. This is overridden by {@link org.apache.tapestry5.corelib.components.BeanEditForm}.
@@ -238,6 +248,10 @@ public class Form implements ClientEleme
@Persist(PersistenceConstants.FLASH)
private ValidationTracker defaultTracker;
+ @Inject
+ @Symbol(SymbolConstants.SECURE_ENABLED)
+ private boolean secureEnabled;
+
private InternalFormSupport formSupport;
private Element form;
@@ -354,6 +368,8 @@ public class Form implements ClientEleme
{
Link link = resources.createFormEventLink(EventConstants.ACTION, context);
+ String actionURL = secure && secureEnabled ? link.toAbsoluteURI(true) : link.toURI();
+
actionSink = new ComponentActionSink(logger, clientDataEncoder);
clientId = javascriptSupport.allocateClientId(resources);
@@ -394,7 +410,7 @@ public class Form implements ClientEleme
// Save the form element for later, in case we want to write an encoding
// type attribute.
- form = writer.element("form", "id", clientId, "method", "post", "action", link);
+ form = writer.element("form", "id", clientId, "method", "post", "action", actionURL);
if ((zone != null || clientValidation) && !request.isXHR())
writer.attributes("onsubmit", MarkupConstants.WAIT_FOR_PAGE);