[Hippo-cms7-user] doAction, PRG and HTTPS

Zandt, Paul van der paul.vander.zandt at capgemini.com
Wed Dec 12 17:26:30 CET 2012


Make it a +1 for me too. We've been struggling with the same issue.

Paul.
________________________________________
Van: hippo-cms7-user-bounces at lists.onehippo.org [hippo-cms7-user-bounces at lists.onehippo.org] namens Ard Schrijvers [a.schrijvers at onehippo.com]
Verzonden: woensdag 12 december 2012 16:38
To: Hippo CMS 7 implementation list
Onderwerp: Re: [Hippo-cms7-user] doAction, PRG and HTTPS

On Wed, Dec 12, 2012 at 3:24 PM, Woonsan Ko <w.ko at onehippo.com> wrote:
> Hi Wouter,
>
> By default, ActionValve tries to generate an absolute URL for redirection
> after processing the action phase. ActionValve has an option to use the
> relative path instead.
> For example, you can redefine the action valve with the property,
> "alwaysRedirectLocationToAbsoluteUrl", like this:
>
>   <bean id="actionValve" parent="abstractValve"
> class="org.hippoecm.hst.core.container.ActionValve">
>     <property name="alwaysRedirectLocationToAbsoluteUrl" value="false" />
>   </bean>
>
> If you choose the option with relative path redirection, the redirect path
> will contain the servlet context path (e.g., '/site'), so you'll probably
> need to configure the proxy configuration with more options between httpd
> and tomcat.
>
> If you are using https directly to tomcat, then I think there's one thing we
> can improve in ActionVavle:
>
>     String absoluteRedirectUrl =
> requestContext.getVirtualHost().getBaseURL(servletRequest) + location;
>
> Maybe ActionValve could have read the request scheme (http or https) instead
> of reading the virtual host configuration.

Ah sry Woonsan, I just only now see that you also refer to getBaseURL
: I think we could change the getBaseURL impl to return the request
scheme as done by Wouter instead of taking it from the virtualhost
config

WDYT?

Regards Ard

>
> Regards,
>
> Woonsan
>
>
>
> On 12/12/12 5:21 AM, Wouter Danes wrote:
>>
>> Hi all,
>>
>> I have a page on HTTPS and I use a doAction to add an object.
>>
>> After that, the originating page is rendered again.
>>
>> Now, Hippo appears to do the following:
>>
>> -Post the request over HTTPS
>>
>> -Redirect to a Get over HTTP
>>
>> -Then my site says “Hey, I should be on HTTPS, let’s redirect to HTTPS”.
>>
>>
>> I would expect a redirect without a protocol or over HTTPS when the
>> initial POST is over HTTPS, is this possible?
>>
>> Met vriendelijke groet / Yours sincerely,
>>
>> ---
>>
>> Wouter Danes
>>
>> Competence Manager Hippo / Java / Alfresco
>>
>> Hinttech
>>
>> T: +31 6 1158 8264
>>
>> E: wouter.danes at hinttech.com <mailto:wouter.danes at hinttech.com>
>>
>> @wouterdanes
>>
>>
>>
>> _______________________________________________
>> Hippo-cms7-user mailing list and forums
>> http://www.onehippo.org/cms7/support/forums.html
>>
>
>
> --
> w.ko at onehippo.com     www.onehippo.com
> Boston - 1 Broadway, Cambridge, MA 02142
> Amsterdam - Oosteinde 11, 1017 WT Amsterdam
> US +1 877 414 4776 (toll free)
> Europe +31(0)20 522 4466
> _______________________________________________
> Hippo-cms7-user mailing list and forums
> http://www.onehippo.org/cms7/support/forums.html



--
Amsterdam - Oosteinde 11, 1017 WT Amsterdam
Boston - 1 Broadway, Cambridge, MA 02142

US +1 877 414 4776 (toll free)
Europe +31(0)20 522 4466
www.onehippo.com
_______________________________________________
Hippo-cms7-user mailing list and forums
http://www.onehippo.org/cms7/support/forums.html
This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.



More information about the Hippo-cms7-user mailing list