Re: Quick start and https/TLS/SSL

On the other hand in case someone will need HTTPS quickstart he/she need to write lots of stuff On Wed, Jan 17, 2018 at 1:43 AM, Pedro Santos wrote: >> The quickstart itself is stateless, so no sessions/cookies are created. > > Good point, one can even never navigate

Re: Quick start and https/TLS/SSL

> The quickstart itself is stateless, so no sessions/cookies are created. Good point, one can even never navigate to the self signed certificate error page. Even so, it sounds a good idea for me to remove such unnecessary complexity (HTTPS setup) for newcomers. > Any code added by the developer

Re: Quick start and https/TLS/SSL

On Tue, Jan 16, 2018 at 4:33 PM, Pedro Santos wrote: > +0 > > Sounds a good idea since the quickstart is the fist contact most of new > users will have with Wicket. It makes sense to keep is as simple as > possible, focusing on showcasing components like WebPage, Label. > >

Re: Quick start and https/TLS/SSL

+0 Sounds a good idea since the quickstart is the fist contact most of new users will have with Wicket. It makes sense to keep is as simple as possible, focusing on showcasing components like WebPage, Label. Also the HTTPS configuration can easily go wrong as it will set a secure cookie on the

Re: Quick start and https/TLS/SSL

-1 I agree, application servers, such as WildFly provide similar solutions. By default WildFly will generate a self-signed certificate for the https/h2 listener. Emond On dinsdag 16 januari 2018 05:10:32 CET Maxim Solodovnik wrote: > -1 > > I believe it's good to have HTTPS configuration

Re: Quick start and https/TLS/SSL

-1 I believe it's good to have HTTPS configuration ready for the tests. It is impossible to provide non-self-signed, so IMO security warning is OK here On Mon, Jan 15, 2018 at 3:42 AM, Martin Grigorov wrote: > -1 > > The current setup makes it easier to debug HTTPS related

Re: Quick start and https/TLS/SSL

-1 The current setup makes it easier to debug HTTPS related issues. I, personally, do not want to deal with openssl, keytool and jetty-https.xml just to debug an issue in HttpsMapper or related code. A user can use http://localhost if (s)he doesn't want to accept self signed certs. My 2c. On

Quick start and https/TLS/SSL

The quick start uses a self signed certificate that gives errors in browsers and requires folks to accept the certificate in their trust chain. I suggest we remove the secure layer part from our quickstart just to make sure we don't train our users to accept any certificate. WDYT? Martijn