Hi Thiago,
I could create a simple project with the problem, but I only know to reproduce
it on production mode with my valid https certificate, in localhost I don’t
know how to configure jetty to try it.
However I have fixed the problem. I only use event links to AJAX interactions,
so in my AppModule I decorate ComponentEventLinkEncoder as below:
public ComponentEventLinkEncoder decorateComponentEventLinkEncoder(
final Request request,
final ComponentEventLinkEncoder oldHandler) {
return new ComponentEventLinkEncoder() {
@Override
public Link createPageRenderLink(final
PageRenderRequestParameters parameters) {
return
oldHandler.createPageRenderLink(parameters);
}
@Override
public Link createComponentEventLink(final
ComponentEventRequestParameters parameters, final boolean forForm) {
final Link link =
oldHandler.createComponentEventLink(parameters, forForm);
if (request.isSecure()) {
link.setSecurity(LinkSecurity.FORCE_SECURE);
}
return link;
}
@Override
public ComponentEventRequestParameters
decodeComponentEventRequest(final Request request) {
return
oldHandler.decodeComponentEventRequest(request);
}
@Override
public PageRenderRequestParameters
decodePageRenderRequest(final Request request) {
return
oldHandler.decodePageRenderRequest(request);
}
};
}
And everything works fine for me. This solution is valid but it isn´t the best
(I think that if a Evenlink is not AJAX and the page is not @Secure, you will
generate an https request that it isn´t necessary).
I think the solution is modify the Components because they know when they are
async or with Zone param. For example, for EventLink would be fixed as below:
"EventLink extends AbstractComponentEventLink so we have to modify
AbstractComponentEventLink”
public abstract class AbstractComponentEventLink extends AbstractLink{
...
void beginRender(MarkupWriter writer)
{
if (isDisabled()) return;
Link link = createLink(context);
if (request.isSecure() && (async || zone != null)){
link.setSecurity(LinkSecurity.FORCE_SECURE);
}
writeLink(writer, link);
writer.attributes("data-update-zone", zone);
if (async)
{
javaScriptSupport.require("t5/core/zone");
writer.attributes("data-async-trigger", true);
}
}
I’m busy with a deadline now, but in some weeks I can create the sample project
if you want Thiago.
Regards
Carlos Montero
http://dev.carlosmontero.es <http://dev.carlosmontero.es/>
> El 2/9/2016, a las 14:13, Thiago H de Paula Figueiredo <thiag...@gmail.com>
> escribió:
>
> On Tue, 30 Aug 2016 20:04:58 -0300, Carlos Montero Canabal
> <carlosmonterocana...@gmail.com <mailto:carlosmonterocana...@gmail.com>>
> wrote:
>
> I have configured my webapp with @Secure on pages who need it. But I have a
> problem when I write manually the URL on browser. If I write https on not
> @Secure page, the links (actionLinks with t:zone or t:async for ajax
> support) created by tapestry starts with http and browsers blocked the
> content when I click on them. Any solution? (Yes, I would host all my webapp
> on https). I think that it is a bug, and Tapestry would see that the request
> is secure and generate the ajax links secured too.
>
> Olá, Carlos!
>
> Yeah, this is indeed a bug. Could you please create a small project which
> demonstrates this bug and attach it to a new Jira ticket? Thanks in advance.
> :)
>
>
> Regards
>
> Carlos Montero
>
>
>
> --
> Thiago H. de Paula Figueiredo
> Tapestry, Java and Hibernate consultant and developer
> http://machina.com.br <http://machina.com.br/>
