My feeling is that it's for SSL/HTTPS set up in Jetty/Tomcat etc (no proxy in
front needed) use:
public void contributeMetaDataLocator(MappedConfiguration
configuration) {
configuration.add(MetaDataConstants.SECURE_PAGE, "true");
}
-- or secure pages with annotation:
@Secure
Forgot to mention that i also have tapestry.security-enabled= false in my
app setings
On Fri, Jul 22, 2016 at 3:50 PM, Dimitris Zenios
wrote:
> This is a snippet of nginx configuration that proxies the request to
> jetty on port 8080.Via this configuration i am able to have ssl and non ssl
> ve
This is a snippet of nginx configuration that proxies the request to jetty
on port 8080.Via this configuration i am able to have ssl and non ssl
versions of the tapestry application.If i want to enforce only ssl version
of tapestry i enforce it via nginx.Hope that was helpful
location / {
With my configuration with -Dtapestry.secure-enabled=true the private String
org.apache.tapestry5.internal.services. LinkImpl::buildURI(LinkSecurity
security) return the absolute URI.
Using:
public void contributeMetaDataLocator(MappedConfiguration configuration) {
con
It has been a while since we looked into this, but as far as I can remember
we needed SECURE_ENABLED=false in order to have our apps supporting both
http and https at the same time. None of our app servers are configured to
use ssl that is always handled before the requests hit tapestry.
--
Chris
When you say you are avoiding absolute URLs, where have you noticed this? I
can’t recall this being a problem.
Now, I’m no expert on this kind of configuration, and its a while since I set
this all up, so forgive me if I have my wires crossed. Also, our site’s load is
small so far but growing s
Tanks for confirmation on this!
What about make note on this in the documentation
https://tapestry.apache.org/security.html?
It's not obvious that X-Forwarded-Proto="https" should be set in the TLS
termination proxy. Other X-Forwarded- is often set default in the proxy, like
X-Forwarded-For.
We are always setting tapestry.secure-enabled = false
--
Chris
On Fri, Jul 22, 2016 at 11:29 AM, Dimitris Zenios wrote:
> When i am doing ssl out of the servlet container (eg jetty,apache etc) i
> always set secure enables to false.
>
> On 21 Jul 2016 12:07, "Svein-Erik Løken" wrote:
>
> > Us
When i am doing ssl out of the servlet container (eg jetty,apache etc) i
always set secure enables to false.
On 21 Jul 2016 12:07, "Svein-Erik Løken" wrote:
> Using HAProxy or Apache HTTP Server as a TLS termination proxy I found
> that setting X-Forwarded-Proto="https" in the header on the prox