This is an automated email from the ASF dual-hosted git repository.
markt-asf pushed a commit to branch 11.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/11.0.x by this push:
new af6cfb31ac Improve docs for scheme and secure on Connector
af6cfb31ac is described below
commit af6cfb31acfdbc7eca5f26463fbf88c32cc60b54
Author: Mark Thomas <[email protected]>
AuthorDate: Thu Jun 4 15:56:54 2026 +0100
Improve docs for scheme and secure on Connector
---
.../apache/catalina/connector/CoyoteAdapter.java | 5 +++--
webapps/docs/changelog.xml | 6 ++++-
webapps/docs/config/ajp.xml | 26 +++++++++++++---------
webapps/docs/config/http.xml | 26 +++++++++++++---------
4 files changed, 40 insertions(+), 23 deletions(-)
diff --git a/java/org/apache/catalina/connector/CoyoteAdapter.java
b/java/org/apache/catalina/connector/CoyoteAdapter.java
index b36eed5a31..08ab9850b2 100644
--- a/java/org/apache/catalina/connector/CoyoteAdapter.java
+++ b/java/org/apache/catalina/connector/CoyoteAdapter.java
@@ -562,8 +562,9 @@ public class CoyoteAdapter implements Adapter {
Response response) throws IOException, ServletException {
/*
- * If the processor has set the scheme (AJP and HTTP/2 do this,
HTTP/1.x does this if SSL is enabled), use this
- * to set the secure flag as well. If the processor hasn't set it, use
the settings from the connector.
+ * If the processor has set the scheme (HTTP/2 does this, AJP does
this if is_ssl is set and HTTP/1.x does this
+ * if SSL is enabled), use this to set the secure flag as well. If the
processor hasn't set it, use the settings
+ * from the connector.
*/
if (req.scheme().isNull()) {
// Use connector scheme and secure configuration, (defaults to
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index eebcc87f72..9d36959c82 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -358,9 +358,13 @@
manager servlet. (remm)
</fix>
<fix>
- Manager. Ensure automatic deployment does not trigger an undeployment
+ Manager: Ensure automatic deployment does not trigger an undeployment
during a Manager triggered web application reload. (markt)
</fix>
+ <fix>
+ Documentation: Provide better documentation for the <code>scheme</code>
+ and <code>secure</code> attributes of a Connector. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Other">
diff --git a/webapps/docs/config/ajp.xml b/webapps/docs/config/ajp.xml
index f9fa033c69..086596bfc7 100644
--- a/webapps/docs/config/ajp.xml
+++ b/webapps/docs/config/ajp.xml
@@ -309,20 +309,26 @@
</attribute>
<attribute name="scheme" required="false">
- <p>Set this attribute to the name of the protocol you wish to have
- returned by calls to <code>request.getScheme()</code>. For
- example, you would set this attribute to "<code>https</code>"
- for an SSL Connector. The default value is "<code>http</code>".
+ <p>Ignored if the <code>is_ssl</code> attribute is set in the
+ <code>AJP13_FORWARD_REQUEST</code> message. If <code>is_ssl</code> is
set,
+ scheme is always set to <code>https</code>.
+ </p>
+ <p>Otherwise, set this attribute to the name of the protocol you wish to
+ have returned by calls to <code>request.getScheme()</code>. The default
+ value is <code>http</code>.
</p>
</attribute>
<attribute name="secure" required="false">
- <p>Set this attribute to <code>true</code> if you wish to have
- calls to <code>request.isSecure()</code> to return <code>true</code>
- for requests received by this Connector. You would want this on an
- SSL Connector or a non SSL connector that is receiving data from a
- SSL accelerator, like a crypto card, an SSL appliance or even a
webserver.
- The default value is <code>false</code>.</p>
+ <p>Ignored if the <code>is_ssl</code> attribute is set in the
+ <code>AJP13_FORWARD_REQUEST</code> message. If <code>is_ssl</code> is
set,
+ secure is always set to <code>true</code>.
+ </p>
+ <p>Otherwise, set this attribute to <code>true</code> if you wish to have
+ calls to <code>request.isSecure()</code> to return <code>true</code> for
+ requests received by this Connector. The default value is
+ <code>false</code>.
+ </p>
</attribute>
<attribute name="URIEncoding" required="false">
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index 8341b7a0a5..ddf83426b9 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -304,20 +304,26 @@
</attribute>
<attribute name="scheme" required="false">
- <p>Set this attribute to the name of the protocol you wish to have
- returned by calls to <code>request.getScheme()</code>. For
- example, you would set this attribute to "<code>https</code>"
- for an SSL Connector. The default value is "<code>http</code>".
+ <p>Ignored if <code>SSLEnabled</code> is <code>true</code>. If
+ <code>SSLEnabled</code> is set, scheme is always set to
+ <code>https</code>.
+ </p>
+ <p>Otherwise, set this attribute to the name of the protocol you wish to
+ have returned by calls to <code>request.getScheme()</code>. The default
+ value is <code>http</code>.
</p>
</attribute>
<attribute name="secure" required="false">
- <p>Set this attribute to <code>true</code> if you wish to have
- calls to <code>request.isSecure()</code> to return <code>true</code>
- for requests received by this Connector. You would want this on an
- SSL Connector or a non SSL connector that is receiving data from a
- SSL accelerator, like a crypto card, an SSL appliance or even a
webserver.
- The default value is <code>false</code>.</p>
+ <p>Ignored if <code>SSLEnabled</code> is <code>true</code>. If
+ <code>SSLEnabled</code> is set, secure is always set to
+ <code>true</code>.
+ </p>
+ <p>Otherwise, set this attribute to <code>true</code> if you wish to have
+ calls to <code>request.isSecure()</code> to return <code>true</code> for
+ requests received by this Connector. The default value is
+ <code>false</code>.
+ </p>
</attribute>
<attribute name="strictSni" required="false">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
