[ https://issues.apache.org/jira/browse/TAP5-1511?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13129100#comment-13129100 ]
Howard M. Lewis Ship commented on TAP5-1511: -------------------------------------------- Why would security be disabled in a production application? The intent of disabling security is to prevent unwanted http/https handover requests in development. > RequestSecurityManager#checkPageSecurity should return request security insed > of INSECURE in case when security is disabled > --------------------------------------------------------------------------------------------------------------------------- > > Key: TAP5-1511 > URL: https://issues.apache.org/jira/browse/TAP5-1511 > Project: Tapestry 5 > Issue Type: Bug > Components: tapestry-core > Affects Versions: 5.2.5 > Reporter: Alexander Gavrilov > > In current version unless security is enabled > RequestSecurityManager#checkPageSecurity always returns > LinkSecurity.INSECURE. > It could be better to return LinkSecurity.SECURE or LinkSecurity.INSECURE > depends on request security flag. > {code:java} > if (!securityEnabled) > return request.isSecure() ? LinkSecurity.SECURE : > LinkSecurity.INSECURE; > {code} > For now even if request to application is come by https tapestry generate > http urls for getAbsolueURL call. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira