This is an automated email from the ASF dual-hosted git repository.
markt-asf pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 91991ba92c Improve docs for scheme and secure on Connector
91991ba92c is described below
commit 91991ba92ccc4d4415bc97fb8429705d433b1345
Author: Mark Thomas <[email protected]>
AuthorDate: Thu Jun 4 15:56:54 2026 +0100
Improve docs for scheme and secure on Connector
---
.../apache/catalina/connector/CoyoteAdapter.java | 5 +++--
webapps/docs/changelog.xml | 6 ++++-
webapps/docs/config/ajp.xml | 26 +++++++++++++---------
webapps/docs/config/http.xml | 26 +++++++++++++---------
4 files changed, 40 insertions(+), 23 deletions(-)
diff --git a/java/org/apache/catalina/connector/CoyoteAdapter.java
b/java/org/apache/catalina/connector/CoyoteAdapter.java
index e85708051f..50a36e3c11 100644
--- a/java/org/apache/catalina/connector/CoyoteAdapter.java
+++ b/java/org/apache/catalina/connector/CoyoteAdapter.java
@@ -565,8 +565,9 @@ public class CoyoteAdapter implements Adapter {
Response response) throws IOException, ServletException {
/*
- * If the processor has set the scheme (AJP and HTTP/2 do this,
HTTP/1.x does this if SSL is enabled), use this
- * to set the secure flag as well. If the processor hasn't set it, use
the settings from the connector.
+ * If the processor has set the scheme (HTTP/2 does this, AJP does
this if is_ssl is set and HTTP/1.x does this
+ * if SSL is enabled), use this to set the secure flag as well. If the
processor hasn't set it, use the settings
+ * from the connector.
*/
if (req.scheme().isNull()) {
// Use connector scheme and secure configuration, (defaults to
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 5234729643..98eaddd34c 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -351,9 +351,13 @@
manager servlet. (remm)
</fix>
<fix>
- Manager. Ensure automatic deployment does not trigger an undeployment
+ Manager: Ensure automatic deployment does not trigger an undeployment
during a Manager triggered web application reload. (markt)
</fix>
+ <fix>
+ Documentation: Provide better documentation for the <code>scheme</code>
+ and <code>secure</code> attributes of a Connector. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Other">
diff --git a/webapps/docs/config/ajp.xml b/webapps/docs/config/ajp.xml
index acc741d39e..66f82ce855 100644
--- a/webapps/docs/config/ajp.xml
+++ b/webapps/docs/config/ajp.xml
@@ -317,20 +317,26 @@
</attribute>
<attribute name="scheme" required="false">
- <p>Set this attribute to the name of the protocol you wish to have
- returned by calls to <code>request.getScheme()</code>. For
- example, you would set this attribute to "<code>https</code>"
- for an SSL Connector. The default value is "<code>http</code>".
+ <p>Ignored if the <code>is_ssl</code> attribute is set in the
+ <code>AJP13_FORWARD_REQUEST</code> message. If <code>is_ssl</code> is
set,
+ scheme is always set to <code>https</code>.
+ </p>
+ <p>Otherwise, set this attribute to the name of the protocol you wish to
+ have returned by calls to <code>request.getScheme()</code>. The default
+ value is <code>http</code>.
</p>
</attribute>
<attribute name="secure" required="false">
- <p>Set this attribute to <code>true</code> if you wish to have
- calls to <code>request.isSecure()</code> to return <code>true</code>
- for requests received by this Connector. You would want this on an
- SSL Connector or a non SSL connector that is receiving data from a
- SSL accelerator, like a crypto card, an SSL appliance or even a
webserver.
- The default value is <code>false</code>.</p>
+ <p>Ignored if the <code>is_ssl</code> attribute is set in the
+ <code>AJP13_FORWARD_REQUEST</code> message. If <code>is_ssl</code> is
set,
+ secure is always set to <code>true</code>.
+ </p>
+ <p>Otherwise, set this attribute to <code>true</code> if you wish to have
+ calls to <code>request.isSecure()</code> to return <code>true</code> for
+ requests received by this Connector. The default value is
+ <code>false</code>.
+ </p>
</attribute>
<attribute name="URIEncoding" required="false">
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index 8f3efdd10c..b85d42838d 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -312,20 +312,26 @@
</attribute>
<attribute name="scheme" required="false">
- <p>Set this attribute to the name of the protocol you wish to have
- returned by calls to <code>request.getScheme()</code>. For
- example, you would set this attribute to "<code>https</code>"
- for an SSL Connector. The default value is "<code>http</code>".
+ <p>Ignored if <code>SSLEnabled</code> is <code>true</code>. If
+ <code>SSLEnabled</code> is set, scheme is always set to
+ <code>https</code>.
+ </p>
+ <p>Otherwise, set this attribute to the name of the protocol you wish to
+ have returned by calls to <code>request.getScheme()</code>. The default
+ value is <code>http</code>.
</p>
</attribute>
<attribute name="secure" required="false">
- <p>Set this attribute to <code>true</code> if you wish to have
- calls to <code>request.isSecure()</code> to return <code>true</code>
- for requests received by this Connector. You would want this on an
- SSL Connector or a non SSL connector that is receiving data from a
- SSL accelerator, like a crypto card, an SSL appliance or even a
webserver.
- The default value is <code>false</code>.</p>
+ <p>Ignored if <code>SSLEnabled</code> is <code>true</code>. If
+ <code>SSLEnabled</code> is set, secure is always set to
+ <code>true</code>.
+ </p>
+ <p>Otherwise, set this attribute to <code>true</code> if you wish to have
+ calls to <code>request.isSecure()</code> to return <code>true</code> for
+ requests received by this Connector. The default value is
+ <code>false</code>.
+ </p>
</attribute>
<attribute name="strictSni" required="false">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
