cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sylvain Wallez <sylv...@apache.org>
Subject Re: Protocol switch in portals (was Re: furious anger: portal broken)
Date Tue, 20 Sep 2005 09:54:00 GMT
Carsten Ziegeler wrote:

>Sylvain Wallez wrote:
>  
>
>>I'm a total newbie on this matter, so that may be dumb questions. I 
>>don't see how absolutizing links allows this: the result of 
>>absolutization is that all links use the protocol that was used by the 
>>current request, i.e. if it's http than all links will use http and if 
>>it's https then all links will use https.
>>
>>It seems to me that the protocol to be used depends on the page that is 
>>to be displayed rather than where you come from to that page, no? 
>>Absolutization means that once you enter the site using a particular 
>>protocol, you always use that one. Or did I missed something?
>>
>>    
>>
>The LinkService accepts a boolean argument indicating if you want a
>secure link. If this is set to true then the service switches to https.
>  
>

Right. But AFAICS its never used. Do you have plans to update 
CopletTransformer or something?

>As I said yesterday, we could create relative links if the procotol is
>not changed, but there are cases where we need absolute links.
>  
>

Can you elaborate on use cases that need absolute links?

Shouldn't the default be to keep relative URLs unless some specific 
secure="true|false" attribute is specified on the link (i.e. the Boolean 
passed to LinkService is null)? That would allow the portal to run 
smoothly on deployments where ProxyPreserveHost or proxyHost have not 
been configured, or where the used server infrastructure doesn't support it.

And this leads to another question: what if the deployment uses 
httpd+mod_ssl that proxies to the servlet engine over http? The protocol 
seen by the servlet engine will be http, leading all links to be 
switched to an insecure protocol.

BTW, I guess there's a potential bug in DefaultLinkService, as the port 
number is added to the URL only if it's not 80, whereas https uses port 
443. That means that if you ever use https on port 80 (yeah I know it's 
weird), generated urls will use the default port, ie 443.

Sylvain

-- 
Sylvain Wallez                        Anyware Technologies
http://people.apache.org/~sylvain     http://www.anyware-tech.com
Apache Software Foundation Member     Research & Technology Director


Mime
View raw message