Hi, Can you put a breakpoint at https://github.com/apache/wicket/blob/wicket-9.x/wicket-core/src/main/java/org/apache/wicket/protocol/http/servlet/ServletWebResponse.java#L176 (#encodeURL(Url)) and see what is going on? Wicket should return a relative url and let the browser resolve it to full.
On Mon, Mar 18, 2024 at 7:35 PM Tomasz Pluskiewicz <tom...@t-code.pl.invalid> wrote: > Hello > > I’m troubleshooting a problem which suddenly appeared on my instance of > INCEpTION [1]. It is using wicket 9.16 > > I am running behind a reverse proxy and seemingly out of the blue page > navigation goes over HTTPS-HTTP-HTTPS redirects [2]. Alone, that would not > be an issue but the application sends some URLs constructed by wicket [2] > to fetch and they fail security checks in the browser. > > I tracked them to AbstractAjaxBehavior#getCallbackUrl but am at a loss as > to why the returned URLs are not HTTPS… > > The server is running a managed nginx on cloud66.com. It is doing SSL > termination as expected, adding the X-Forwarded-* headers. I’ve been > running a number of apps there and never had this kind of problems. > Strangest part is that initially the app worked fine and this started > happening only after some time, with no apparent reason that I con think of > in terms of server reconfiguration etc. > > Thanks, > Tom > > [1]: https://github.com/inception-project/inception > [2]: https://github.com/inception-project/inception/issues/4630 > [3]: > https://github.com/inception-project/inception/blob/inception-31.3/inception/inception-pdf-editor2/src/main/java/de/tudarmstadt/ukp/inception/pdfeditor2/view/PdfDocumentIFrameView.java#L165-L166 > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > >