You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@shindig.apache.org by Mark van Cuijk <ma...@luminis.eu> on 2012/04/23 12:18:09 UTC

default-forced-libs and HTTPS

Hi,

We're migrating one of our projects that is using Shindig into an HTTPS-only environment, but in the process I'm experiencing the problem that some generated HTML explicitly references non-HTTPS URLs. I've been able to track down a bit what's happening, but I'm a little stuck.

In our configuration, we've set a couple of properties that are relevant:
- shindig.gadget-rewrite.default-forced-libs = core:rpc
- shindig.host = fqdn.of.host
- shindig.port = 443

What happens is that when doing a request to the GadgetRenderingServlet, the RenderingGadgetRewriter is used to inject some libraries into the output document, which eventually looks like:

<script src="http://fqdn.of.host:443/gadgets/js/core:rpc.js?container=default&amp;nocache=1&amp;debug=0&amp;c=0"></script>

Not surprisingly, this fails. However, when I open the URL using HTTPS, it succeeds.

Can someone point me in the right direction to change the URL, such that it refers to HTTPS?

Thanks,
Mark van Cuijk

Re: default-forced-libs and HTTPS

Posted by Mark van Cuijk <ma...@luminis.eu>.

On Apr 23, 2012, at 1:32 PM, Jasha Joachimsthal wrote:

> the default container.js file contains a few hard coded http:// references.
> One of them is for RPC calls. You need to change those into https.

Hi Jasha,

It indeed does. I've replaced the references and RPC is now done over HTTPS.

Thank you for your quick reply :)

Regards,
Mark van Cuijk

Re: default-forced-libs and HTTPS

Posted by Jasha Joachimsthal <j....@onehippo.com>.

On 23 April 2012 12:18, Mark van Cuijk <ma...@luminis.eu> wrote:

> Hi,
>
> We're migrating one of our projects that is using Shindig into an
> HTTPS-only environment, but in the process I'm experiencing the problem
> that some generated HTML explicitly references non-HTTPS URLs. I've been
> able to track down a bit what's happening, but I'm a little stuck.
>
> In our configuration, we've set a couple of properties that are relevant:
> - shindig.gadget-rewrite.default-forced-libs = core:rpc
> - shindig.host = fqdn.of.host
> - shindig.port = 443
>
> What happens is that when doing a request to the GadgetRenderingServlet,
> the RenderingGadgetRewriter is used to inject some libraries into the
> output document, which eventually looks like:
>
> <script src="
> http://fqdn.of.host:443/gadgets/js/core:rpc.js?container=default&amp;nocache=1&amp;debug=0&amp;c=0
> "></script>
>
> Not surprisingly, this fails. However, when I open the URL using HTTPS, it
> succeeds.
>
> Can someone point me in the right direction to change the URL, such that
> it refers to HTTPS?
>
> Thanks,
> Mark van Cuijk
>

Hi Mark,

the default container.js file contains a few hard coded http:// references.
One of them is for RPC calls. You need to change those into https.


Jasha Joachimsthal

Europe - Amsterdam - Oosteinde 11, 1017 WT Amsterdam - +31(0)20 522 4466
US - Boston - 1 Broadway, Cambridge, MA 02142 - +1 877 414 4776 (toll free)

www.onehippo.com