Permalink
Browse files

TAP5-874: Form component should be able to render a secure URL even o…

…n an insecure page

git-svn-id: https://svn.apache.org/repos/asf/tapestry/tapestry5/trunk@1025791 13f79535-47bb-0310-9956-ffa450edef68
  • Loading branch information...
hlship committed Oct 20, 2010
1 parent b5ca95d commit 731ddedc11870459e60a7e97bab78850011048a8
Showing with 17 additions and 1 deletion.
  1. +17 −1 tapestry-core/src/main/java/org/apache/tapestry5/corelib/components/Form.java
@@ -190,6 +190,16 @@
@Parameter(defaultPrefix = BindingConstants.LITERAL)
private String zone;
+ /**
+ * If true, then the Form's action will be secure (using an absolute URL with the HTTPs scheme) regardless
+ * of whether the containing page itself is secure or not. This parameter does nothing
+ * when {@linkplain SymbolConstants#SECURE_ENABLED security is disabled} (which is often
+ * the case in development mode). This only affects how the Form's action attribute is rendered, there is
+ * not (currently) a check that the form is actually submitted securely.
+ */
+ @Parameter
+ private boolean secure;
+
/**
* Prefix value used when searching for validation messages and constraints.
* The default is the Form component's
@@ -238,6 +248,10 @@
@Persist(PersistenceConstants.FLASH)
private ValidationTracker defaultTracker;
+ @Inject
+ @Symbol(SymbolConstants.SECURE_ENABLED)
+ private boolean secureEnabled;
+
private InternalFormSupport formSupport;
private Element form;
@@ -354,6 +368,8 @@ void beginRender(MarkupWriter writer)
{
Link link = resources.createFormEventLink(EventConstants.ACTION, context);
+ String actionURL = secure && secureEnabled ? link.toAbsoluteURI(true) : link.toURI();
+
actionSink = new ComponentActionSink(logger, clientDataEncoder);
clientId = javascriptSupport.allocateClientId(resources);
@@ -394,7 +410,7 @@ void beginRender(MarkupWriter writer)
// Save the form element for later, in case we want to write an encoding
// type attribute.
- form = writer.element("form", "id", clientId, "method", "post", "action", link);
+ form = writer.element("form", "id", clientId, "method", "post", "action", actionURL);
if ((zone != null || clientValidation) && !request.isXHR())
writer.attributes("onsubmit", MarkupConstants.WAIT_FOR_PAGE);

0 comments on commit 731dded

Please sign in to comment.