Hello Bjorn,
if I understand well, your restlet-based app listens on port 80, and
receives requests with the "HTTP_X_FORWARDED_PROTO" header. In this cas,
you can add a filter which looks at the "org.restlet.http.headers"
attribute:
if you are using restlet 2.0, you code looks like
Form headers = (Form)
(request.getAttributes(HeaderConstants.ATTRIBUTE_HEADERS));
headers.getFirstValue("HTTP_X_FORWARDED_PROTO");
Using Restlet 2.1, it looks like :
Series<Header> headers = (Series<Header>)
(request.getAttributes(HeaderConstants.ATTRIBUTE_HEADERS));
headers.getFirstValue("HTTP_X_FORWARDED_PROTO");
Does it anser your question?
Best regards,
Thierry Boileau
I have a restlet-based app running on heroku that I want to use SSL. Heroku
> has a "piggyback" option which processes SSL connections for you. As far as
> I can tell, it works like this: Heroku processes the SSL connection, and
> redirects the call to a normal, unencrypted connection on port 80 and sets
> HTTP_X_FORWARDED_PROTO header to https. (I assume that incoming calls with
> HTTP_X_FORWARDED_PROTO are stripped.)
>
> This works fine for allowing https, but I want to require it. I see the
> Redirector class, but it's not clear to me if I can use this class to solve
> this problem. Any suggestions? Thanks!
>
> bjorn
>
> PS I was previously running my app using GAE, which used a servlet
> container, so I could specify "CONFIDENTIAL" in web.xml. I am not using a
> servlet container anymore.
>
> ------------------------------------------------------
>
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2918332
>
------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2919548
