Posted to users@wicket.apache.org by Tomasz Pluskiewicz <to...@t-code.pl.INVALID> on 2024/03/18 16:39:11 UTC

AbstractAjaxBehavior#getCallbackUrl returning HTTP URLs instead of HTTPS

Hello

I’m troubleshooting a problem which suddenly appeared on my instance of INCEpTION [1]. It is using Wicket 9.16.

I am running behind a reverse proxy and seemingly out of the blue page navigation goes over HTTPS-HTTP-HTTPS redirects [2]. Alone, that would not be an issue, but the application sends some URLs constructed by Wicket [2] to fetch and they fail security checks in the browser.

I tracked them to AbstractAjaxBehavior#getCallbackUrl but am at a loss as to why the returned URLs are not HTTPS…

The server is running a managed nginx on cloud66.com. It is doing SSL termination as expected, adding the X-Forwarded-* headers. I’ve been running a number of apps there and never had this kind of problem. The strangest part is that initially the app worked fine and this started happening only after some time, with no apparent reason that I can think of in terms of server reconfiguration etc.

Thanks,
Tom

[1]: https://github.com/inception-project/inception
[2]: https://github.com/inception-project/inception/issues/4630 
[3]: https://github.com/inception-project/inception/blob/inception-31.3/inception/inception-pdf-editor2/src/main/java/de/tudarmstadt/ukp/inception/pdfeditor2/view/PdfDocumentIFrameView.java#L165-L166 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org


Re: AbstractAjaxBehavior#getCallbackUrl returning HTTP URLs instead of HTTPS

Posted by Martin Grigorov <mg...@apache.org>.
Hi,

Can you put a breakpoint at
https://github.com/apache/wicket/blob/wicket-9.x/wicket-core/src/main/java/org/apache/wicket/protocol/http/servlet/ServletWebResponse.java#L176
(#encodeURL(Url)) and see what is going on?
Wicket should return a relative URL and let the browser resolve it to full.

On Mon, Mar 18, 2024 at 7:35 PM Tomasz Pluskiewicz <to...@t-code.pl.invalid>
wrote:

> Hello
>
> I’m troubleshooting a problem which suddenly appeared on my instance of
> INCEpTION [1]. It is using Wicket 9.16.
>
> I am running behind a reverse proxy and seemingly out of the blue page
> navigation goes over HTTPS-HTTP-HTTPS redirects [2]. Alone, that would not
> be an issue, but the application sends some URLs constructed by Wicket [2]
> to fetch and they fail security checks in the browser.
>
> I tracked them to AbstractAjaxBehavior#getCallbackUrl but am at a loss as
> to why the returned URLs are not HTTPS…
>
> The server is running a managed nginx on cloud66.com. It is doing SSL
> termination as expected, adding the X-Forwarded-* headers. I’ve been
> running a number of apps there and never had this kind of problem.
> The strangest part is that initially the app worked fine and this started
> happening only after some time, with no apparent reason that I can think of
> in terms of server reconfiguration etc.
>
> Thanks,
> Tom
>
> [1]: https://github.com/inception-project/inception
> [2]: https://github.com/inception-project/inception/issues/4630
> [3]:
> https://github.com/inception-project/inception/blob/inception-31.3/inception/inception-pdf-editor2/src/main/java/de/tudarmstadt/ukp/inception/pdfeditor2/view/PdfDocumentIFrameView.java#L165-L166