Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

TAP5-874: Form component should be able to render a secure URL even o…

…n an insecure page

git-svn-id: https://svn.apache.org/repos/asf/tapestry/tapestry5/trunk@1025791 13f79535-47bb-0310-9956-ffa450edef68
  • Loading branch information...
commit 731ddedc11870459e60a7e97bab78850011048a8 1 parent b5ca95d
Howard M. Lewis Ship hlship authored
18 tapestry-core/src/main/java/org/apache/tapestry5/corelib/components/Form.java
@@ -191,6 +191,16 @@
191 191 private String zone;
192 192
193 193 /**
  194 + * If true, then the Form's action will be secure (using an absolute URL with the HTTPs scheme) regardless
  195 + * of whether the containing page itself is secure or not. This parameter does nothing
  196 + * when {@linkplain SymbolConstants#SECURE_ENABLED security is disabled} (which is often
  197 + * the case in development mode). This only affects how the Form's action attribute is rendered, there is
  198 + * not (currently) a check that the form is actually submitted securely.
  199 + */
  200 + @Parameter
  201 + private boolean secure;
  202 +
  203 + /**
194 204 * Prefix value used when searching for validation messages and constraints.
195 205 * The default is the Form component's
196 206 * id. This is overridden by {@link org.apache.tapestry5.corelib.components.BeanEditForm}.
@@ -238,6 +248,10 @@
238 248 @Persist(PersistenceConstants.FLASH)
239 249 private ValidationTracker defaultTracker;
240 250
  251 + @Inject
  252 + @Symbol(SymbolConstants.SECURE_ENABLED)
  253 + private boolean secureEnabled;
  254 +
241 255 private InternalFormSupport formSupport;
242 256
243 257 private Element form;
@@ -354,6 +368,8 @@ void beginRender(MarkupWriter writer)
354 368 {
355 369 Link link = resources.createFormEventLink(EventConstants.ACTION, context);
356 370
  371 + String actionURL = secure && secureEnabled ? link.toAbsoluteURI(true) : link.toURI();
  372 +
357 373 actionSink = new ComponentActionSink(logger, clientDataEncoder);
358 374
359 375 clientId = javascriptSupport.allocateClientId(resources);
@@ -394,7 +410,7 @@ void beginRender(MarkupWriter writer)
394 410 // Save the form element for later, in case we want to write an encoding
395 411 // type attribute.
396 412
397   - form = writer.element("form", "id", clientId, "method", "post", "action", link);
  413 + form = writer.element("form", "id", clientId, "method", "post", "action", actionURL);
398 414
399 415 if ((zone != null || clientValidation) && !request.isXHR())
400 416 writer.attributes("onsubmit", MarkupConstants.WAIT_FOR_PAGE);

0 comments on commit 731dded

Please sign in to comment.
Something went wrong with that request. Please try again.