You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by "Daniel Peters (JIRA)" <ji...@apache.org> on 2010/08/24 17:02:16 UTC
[jira] Created: (WICKET-3009) support X-Forwarded-Proto header in
SwitchProtocolRequestTarget
support X-Forwarded-Proto header in SwitchProtocolRequestTarget
---------------------------------------------------------------
Key: WICKET-3009
URL: https://issues.apache.org/jira/browse/WICKET-3009
Project: Wicket
Issue Type: Improvement
Components: wicket
Affects Versions: 1.4.10
Reporter: Daniel Peters
Priority: Minor
If you use the @RequireHttps annotation and HttpsRequestCycleProcessor, the currently used protocol is determined by looking at HttpServletRequest.getScheme().
But when your (clustered) wicket-application is behind a frontend load-balancer that does all the SSL for you, this isn't enough.
In my case the load-balancer (Apache httpd with mod_proxy) does the external http/https and ALLWAYS talks to the cluster-nodes with http. With the current wicket-code this leads to an endless redirect-loop.
A common practice seems to be to send a request-header that says how the page has been originally requested.
The header-name "X-Forwarded-Proto" is quite popular (do a google search), so I chose that one... It should contain one of the values "http" or "https".
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (WICKET-3009) support X-Forwarded-Proto header in
SwitchProtocolRequestTarget
Posted by "Peter Ertl (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-3009?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12903902#action_12903902 ]
Peter Ertl commented on WICKET-3009:
------------------------------------
you might want to vote for
https://issues.apache.org/jira/browse/WICKET-3015
> support X-Forwarded-Proto header in SwitchProtocolRequestTarget
> ---------------------------------------------------------------
>
> Key: WICKET-3009
> URL: https://issues.apache.org/jira/browse/WICKET-3009
> Project: Wicket
> Issue Type: Improvement
> Components: wicket
> Affects Versions: 1.4.10
> Reporter: Daniel Peters
> Priority: Minor
> Attachments: SwitchProtocolRequestTarget.java.patch
>
>
> If you use the @RequireHttps annotation and HttpsRequestCycleProcessor, the currently used protocol is determined by looking at HttpServletRequest.getScheme().
> But when your (clustered) wicket-application is behind a frontend load-balancer that does all the SSL for you, this isn't enough.
> In my case the load-balancer (Apache httpd with mod_proxy) does the external http/https and ALLWAYS talks to the cluster-nodes with http. With the current wicket-code this leads to an endless redirect-loop.
> A common practice seems to be to send a request-header that says how the page has been originally requested.
> The header-name "X-Forwarded-Proto" is quite popular (do a google search), so I chose that one... It should contain one of the values "http" or "https".
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (WICKET-3009) support X-Forwarded-Proto header in
SwitchProtocolRequestTarget
Posted by "Daniel Peters (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-3009?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Daniel Peters updated WICKET-3009:
----------------------------------
Attachment: SwitchProtocolRequestTarget.java.patch
> support X-Forwarded-Proto header in SwitchProtocolRequestTarget
> ---------------------------------------------------------------
>
> Key: WICKET-3009
> URL: https://issues.apache.org/jira/browse/WICKET-3009
> Project: Wicket
> Issue Type: Improvement
> Components: wicket
> Affects Versions: 1.4.10
> Reporter: Daniel Peters
> Priority: Minor
> Attachments: SwitchProtocolRequestTarget.java.patch
>
>
> If you use the @RequireHttps annotation and HttpsRequestCycleProcessor, the currently used protocol is determined by looking at HttpServletRequest.getScheme().
> But when your (clustered) wicket-application is behind a frontend load-balancer that does all the SSL for you, this isn't enough.
> In my case the load-balancer (Apache httpd with mod_proxy) does the external http/https and ALLWAYS talks to the cluster-nodes with http. With the current wicket-code this leads to an endless redirect-loop.
> A common practice seems to be to send a request-header that says how the page has been originally requested.
> The header-name "X-Forwarded-Proto" is quite popular (do a google search), so I chose that one... It should contain one of the values "http" or "https".
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.