Posted to commits@wicket.apache.org by "Daniel Peters (JIRA)" <ji...@apache.org> on 2010/08/24 17:02:16 UTC

[jira] Created: (WICKET-3009) support X-Forwarded-Proto header in SwitchProtocolRequestTarget

support X-Forwarded-Proto header in SwitchProtocolRequestTarget
---------------------------------------------------------------

                 Key: WICKET-3009
                 URL: https://issues.apache.org/jira/browse/WICKET-3009
             Project: Wicket
          Issue Type: Improvement
          Components: wicket
    Affects Versions: 1.4.10
            Reporter: Daniel Peters
            Priority: Minor


If you use the @RequireHttps annotation and HttpsRequestCycleProcessor, the currently used protocol is determined by looking at HttpServletRequest.getScheme().
But when your (clustered) wicket-application is behind a frontend load-balancer that does all the SSL for you, this isn't enough.

In my case the load-balancer (Apache httpd with mod_proxy) does the external http/https and ALWAYS talks to the cluster-nodes with http. With the current wicket-code this leads to an endless redirect-loop.

A common practice seems to be to send a request-header that says how the page has been originally requested.
The header-name "X-Forwarded-Proto" is quite popular (do a Google search), so I chose that one... It should contain one of the values "http" or "https".


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
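
The scheme decision described in the report above, as an added example that is not part of the original message or of the attached patch. The class, the method names and the addresses are hypothetical, and honouring the header only when the request comes from a listed front end is an assumption added here, since any client can send X-Forwarded-Proto itself.

```java
import java.util.Locale;
import java.util.Set;

// Added illustration: class, method and address values are hypothetical, not Wicket code.
public class ForwardedProtoCheck {

    // containerScheme stands for HttpServletRequest.getScheme(), forwardedProto for the
    // X-Forwarded-Proto request header, remoteAddr for the direct peer of the connection.
    static String effectiveScheme(String containerScheme, String forwardedProto,
                                  String remoteAddr, Set<String> trustedProxies) {
        // Assumption added here: only a known front end may override the scheme,
        // because any client can send this header itself.
        if (forwardedProto == null || !trustedProxies.contains(remoteAddr)) {
            return containerScheme;
        }
        String value = forwardedProto.trim().toLowerCase(Locale.ROOT);
        // The report allows exactly two values; anything else is ignored.
        if (value.equals("http") || value.equals("https")) {
            return value;
        }
        return containerScheme;
    }

    // A page that requires HTTPS redirects only while the client-facing scheme is not https.
    static boolean mustRedirectToHttps(String containerScheme, String forwardedProto,
                                       String remoteAddr, Set<String> trustedProxies) {
        return !"https".equals(
                effectiveScheme(containerScheme, forwardedProto, remoteAddr, trustedProxies));
    }

    public static void main(String[] args) {
        Set<String> proxies = Set.of("10.0.0.5"); // constructed load-balancer address
        // Constructed requests: {getScheme(), X-Forwarded-Proto, remote address}
        String[][] requests = {
            {"http", "https", "10.0.0.5"},    // TLS ended at the balancer: no redirect, no loop
            {"http", "http", "10.0.0.5"},     // plain HTTP at the balancer: redirect once
            {"http", null, "10.0.0.5"},       // header missing: fall back to getScheme()
            {"http", "https", "203.0.113.9"}, // header from an unlisted peer: ignored
            {"http", "ftp", "10.0.0.5"},      // unexpected value: ignored
        };
        for (String[] r : requests) {
            System.out.printf("scheme=%s header=%s peer=%s -> redirect=%b%n",
                    r[0], r[1], r[2], mustRedirectToHttps(r[0], r[1], r[2], proxies));
        }
    }
}
```

The first constructed request is the case that loops when only getScheme() is consulted: the node always sees "http", so it keeps redirecting to HTTPS.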


[jira] Commented: (WICKET-3009) support X-Forwarded-Proto header in SwitchProtocolRequestTarget

Posted by "Peter Ertl (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/WICKET-3009?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12903902#action_12903902 ] 

Peter Ertl commented on WICKET-3009:
------------------------------------

you might want to vote for 

  https://issues.apache.org/jira/browse/WICKET-3015

> support X-Forwarded-Proto header in SwitchProtocolRequestTarget
> ---------------------------------------------------------------
>
>                 Key: WICKET-3009
>                 URL: https://issues.apache.org/jira/browse/WICKET-3009
>             Project: Wicket
>          Issue Type: Improvement
>          Components: wicket
>    Affects Versions: 1.4.10
>            Reporter: Daniel Peters
>            Priority: Minor
>         Attachments: SwitchProtocolRequestTarget.java.patch
>
>
> If you use the @RequireHttps annotation and HttpsRequestCycleProcessor, the currently used protocol is determined by looking at HttpServletRequest.getScheme().
> But when your (clustered) wicket-application is behind a frontend load-balancer that does all the SSL for you, this isn't enough.
> In my case the load-balancer (Apache httpd with mod_proxy) does the external http/https and ALWAYS talks to the cluster-nodes with http. With the current wicket-code this leads to an endless redirect-loop.
> A common practice seems to be to send a request-header that says how the page has been originally requested.
> The header-name "X-Forwarded-Proto" is quite popular (do a Google search), so I chose that one... It should contain one of the values "http" or "https".



[jira] Updated: (WICKET-3009) support X-Forwarded-Proto header in SwitchProtocolRequestTarget

Posted by "Daniel Peters (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/WICKET-3009?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Daniel Peters updated WICKET-3009:
----------------------------------

    Attachment: SwitchProtocolRequestTarget.java.patch
