We are always setting tapestry.secure-enabled = false -- Chris
On Fri, Jul 22, 2016 at 11:29 AM, Dimitris Zenios <dimitris.zen...@gmail.com > wrote: > When i am doing ssl out of the servlet container (eg jetty,apache etc) i > always set secure enables to false. > > On 21 Jul 2016 12:07, "Svein-Erik Løken" <sv...@jacilla.no> wrote: > > > Using HAProxy or Apache HTTP Server as a TLS termination proxy I found > > that setting X-Forwarded-Proto="https" in the header on the proxy > > org.apache.tapestry5.services.Request::isSecure returns true . That's > good! > > In tapestry.production-mode=true I am getting absolute URLs. E.g. > > http://example.com/index.mycompo.form. > > By setting -Dtapestry.secure-enabled=false seems to solve this. Now I am > > getting a relative URL. (/index.mycompo.form). > > I can see that with X-Forwarded-Proto="https" set, > > org.apache.tapestry5.internal.services. > > RequestSecurityManager::checkPageSecurity returns LinkSecurity.SECURE. > > That's good! > > > > For me it seems that this is the correct solution, but I find it nice if > > some tapestry experts can confirm this! > > > > >
