On the other hand
in case someone will need HTTPS quickstart he/she need to write lots
of stuff
On Wed, Jan 17, 2018 at 1:43 AM, Pedro Santos wrote:
>> The quickstart itself is stateless, so no sessions/cookies are created.
>
> Good point, one can even never navigate
> The quickstart itself is stateless, so no sessions/cookies are created.
Good point, one can even never navigate to the self signed certificate
error page.
Even so, it sounds a good idea for me to remove such unnecessary complexity
(HTTPS setup) for newcomers.
> Any code added by the developer
On Tue, Jan 16, 2018 at 4:33 PM, Pedro Santos wrote:
> +0
>
> Sounds a good idea since the quickstart is the fist contact most of new
> users will have with Wicket. It makes sense to keep is as simple as
> possible, focusing on showcasing components like WebPage, Label.
>
>
+0
Sounds a good idea since the quickstart is the fist contact most of new
users will have with Wicket. It makes sense to keep is as simple as
possible, focusing on showcasing components like WebPage, Label.
Also the HTTPS configuration can easily go wrong as it will set a secure
cookie on the
-1
I agree, application servers, such as WildFly provide similar solutions. By
default WildFly will generate a self-signed certificate for the https/h2
listener.
Emond
On dinsdag 16 januari 2018 05:10:32 CET Maxim Solodovnik wrote:
> -1
>
> I believe it's good to have HTTPS configuration
-1
I believe it's good to have HTTPS configuration ready for the tests.
It is impossible to provide non-self-signed, so IMO security warning
is OK here
On Mon, Jan 15, 2018 at 3:42 AM, Martin Grigorov wrote:
> -1
>
> The current setup makes it easier to debug HTTPS related
-1
The current setup makes it easier to debug HTTPS related issues.
I, personally, do not want to deal with openssl, keytool and
jetty-https.xml just to debug an issue in HttpsMapper or related code.
A user can use http://localhost if (s)he doesn't want to accept self signed
certs.
My 2c.
On
The quick start uses a self signed certificate that gives errors in
browsers and requires folks to accept the certificate in their trust
chain.
I suggest we remove the secure layer part from our quickstart just to
make sure we don't train our users to accept any certificate. WDYT?
Martijn