Thanks for confirmation on this!

What about making a note on this in the documentation 
https://tapestry.apache.org/security.html?

It's not obvious that X-Forwarded-Proto="https" should be set in the TLS 
termination proxy. Other X-Forwarded- headers are often set by default in the proxy, like 
X-Forwarded-For.

And the tapestry.secure-enabled = false.


Web sites need to be encrypted in the future to work in Chrome, Firefox… Google 
Will Soon Shame All Websites That Are Unencrypted  
http://motherboard.vice.com/read/google-will-soon-shame-all-websites-that-are-unencrypted-chrome-https.



GeoLocation stopped working in Chrome for desktop and Android, so I had to use 
encryption.




From: Chris Poulsen [via Apache Tapestry Mailing List Archives] 
[mailto:ml-node+s1045711n5732784...@n5.nabble.com]
Sent: 22 July 2016 11:35
To: Svein-Erik Løken <sv...@jacilla.no>
Subject: Re: TLS termination proxy and Tapestry

We are always setting tapestry.secure-enabled = false

--
Chris

On Fri, Jul 22, 2016 at 11:29 AM, Dimitris Zenios <[hidden email]> wrote:

> When I am doing SSL out of the servlet container (e.g. Jetty, Apache, etc.) I
> always set secure enabled to false.
>
> On 21 Jul 2016 12:07, "Svein-Erik Løken" <[hidden email]> wrote:
>
> > Using HAProxy or Apache HTTP Server as a TLS termination proxy, I found
> > that when setting X-Forwarded-Proto="https" in the header on the proxy,
> > org.apache.tapestry5.services.Request::isSecure returns true. That's
> > good!
> > In tapestry.production-mode=true I am getting absolute URLs. E.g.
> > http://example.com/index.mycompo.form.
> > Setting -Dtapestry.secure-enabled=false seems to solve this. Now I am
> > getting a relative URL (/index.mycompo.form).
> > I can see that with X-Forwarded-Proto="https" set,
> > org.apache.tapestry5.internal.services.RequestSecurityManager::checkPageSecurity
> > returns LinkSecurity.SECURE.
> > That's good!
> >
> > For me it seems that this is the correct solution, but I would find it nice if
> > some Tapestry experts could confirm this!
> >
> >
>

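A minimal HAProxy configuration for the setup discussed in this thread, as an added example that is not part of the original messages: TLS is terminated at the proxy, X-Forwarded-Proto is overwritten with https, and Tapestry is started with tapestry.secure-enabled=false. The certificate path, frontend/backend names and the application address are assumptions.

```haproxy
# Added example (not from the thread). Paths, names and addresses are assumed.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# Plain HTTP is only used to redirect clients to HTTPS.
frontend http_in
    bind *:80
    http-request redirect scheme https code 301

# TLS terminates here; the application behind it speaks plain HTTP.
frontend https_in
    bind *:443 ssl crt /etc/haproxy/certs/example.com.pem   # assumed path
    # set-header replaces any value the client sent, so the application
    # only ever sees the scheme the proxy itself observed.
    http-request set-header X-Forwarded-Proto https
    # X-Forwarded-For is the header proxies commonly add on their own;
    # X-Forwarded-Proto has to be configured explicitly as above.
    option forwardfor
    default_backend tapestry_app

backend tapestry_app
    # Assumed address. Bind the servlet container to loopback (or firewall
    # the port) so that only the proxy can reach it: the application trusts
    # X-Forwarded-Proto from whoever connects to this port.
    server app1 127.0.0.1:8080 check

# JVM option for the Tapestry application, as used in the thread:
#   -Dtapestry.secure-enabled=false
```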