SSL

OK, I've got Seaside running behind Apache, responding to both http and
https via OpenSSL, but I'm running into a problem.  All the generated
url's are fully qualified, so though it'll respond to SSL, as soon as I
click something I'm thrown back into standard http.

I figured this had to be common, but after digging around in the
archives for a while, I've found nothing that panned out.  Now, I can
see that Server Protocol is set to http in the site configuration.  Can
a site only run in one mode or the other?  What if I only want two pages
to be secure for a checkout but the rest of the site unsecured?

I don't know, maybe it's just late and I'm making a simple mistake, but
I'm stumped, anyone know how to deal with this?

My current setup looks like...

<VirtualHost *:80>
        ServerAdmin [hidden email]
        ServerName www.sentorsa.com
        RewriteEngine On
        ProxyPreserveHost On
        RewriteCond C:/Inetpub/websites/%{REQUEST_FILENAME} !-f
        RewriteRule ^/(.*)$ http://www.sentorsa.com:94/seaside/site/$1
[P,L]
</VirtualHost>

<VirtualHost www.sentorsa.com:443>
        SSLEngine On
        SSLCertificateFile conf/ssl/www.sentorsa.com.cert
        SSLCertificateKeyFile conf/ssl/www.sentorsa.com.key
        RewriteEngine On
        ProxyPreserveHost On
        RewriteCond C:/Inetpub/websites/%{REQUEST_FILENAME} !-f
        RewriteRule ^/(.*)$ http://www.sentorsa.com:94/seaside/site/$1
[P,L]
</VirtualHost>

Seaside
  Base Path /
  Server Hostname www.sentorsa.com

        -- Ramon Leon
_______________________________________________
Seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside

On Apr 28, 2006, at 10:01 AM, Ramon Leon wrote:
>
> I don't know, maybe it's just late and I'm making a simple mistake,  
> but
> I'm stumped, anyone know how to deal with this?

Here's how I deal with this.  It's a bit hackish but it works.  In  
my :80 vhost, I have
ProxyVia Block

And then in the :443 vhost, I have
ProxyVia On

I can then check at the Seaside level whether the initial request was  
SSL or not simply by testing for the presence of the Via header, and  
generating URLs accordingly.

Cheers,
Avi
_______________________________________________
Seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside

Thanks, but can you share the code, or am I in for another night of
hacking trying to figure out how to modify seasides generated url root?
_______________________________________________
Seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside

On Apr 28, 2006, at 10:56 AM, Ramon Leon wrote:
>
> Thanks, but can you share the code, or am I in for another night of
> hacking trying to figure out how to modify seasides generated url  
> root?

These are from my WASession subclass:

actionUrlForKey: aString
        | url |
        url := super actionUrlForKey: aString.
        self useSSL ifTrue: [url scheme: #https; port: 443].
        ^ url
       
useSSL
        ^ (currentRequest headers includesKey: 'via')

Avi
_______________________________________________
Seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside

Now we're talking, sweet.  One question, this looks like it changes the
config, does this apply to this one request only, or is this actually
changing the app config?
_______________________________________________
Seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside

Never mind, dumb question, didn't read the code close enough before I
responded.
_______________________________________________
Seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside

 Hmm, that part works great, but css scripts are still imported via http resulting in warnings about unsecure elements.  I'll dig around see if I can find where to fix those, but if you're around, do tell.

________________________________

From: [hidden email] on behalf of Avi Bryant
Sent: Fri 4/28/2006 11:04 AM
To: The Squeak Enterprise Aubergines Server - general discussion.
Subject: Re: [Seaside] SSL




On Apr 28, 2006, at 10:56 AM, Ramon Leon wrote:
>
> Thanks, but can you share the code, or am I in for another night of
> hacking trying to figure out how to modify seasides generated url
> root?

These are from my WASession subclass:

actionUrlForKey: aString
        | url |
        url := super actionUrlForKey: aString.
        self useSSL ifTrue: [url scheme: #https; port: 443].
        ^ url
       
useSSL
        ^ (currentRequest headers includesKey: 'via')

Avi
_______________________________________________
Seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside



_______________________________________________
Seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside

Ok, replying to myself, Avi, what do you think of this.. I found
 
WARenderingContext>>urlForDocument: anObject mimeType: mimeType fileName: fileName
 ^ (self registry urlForRequestHandler:
  (WADocumentHandler
   document: anObject
   mimeType: mimeType
   fileName: fileName)) displayString
 
and changed it to...
 
WARenderingContext>>urlForDocument: anObject mimeType: mimeType fileName: fileName
 | uri |
 uri := (self registry urlForRequestHandler: (WADocumentHandler
   document: anObject
   mimeType: mimeType
   fileName: fileName)) .
 self useSSL ifTrue: [uri scheme: #https; port: 443].
 ^uri displayString
 
WARenderingContext>>useSSL
 ^request headers includesKey: 'via'
 
This seems to fix all the css and javascript includes.  If that's an ok change, I'll commit it to the repository, but I'm unfamiliar with this area and don't want to change anything without someone who knows it better OK'ing it.

________________________________

From: [hidden email] on behalf of Ramon Leon
Sent: Fri 4/28/2006 6:25 PM
To: The Squeak Enterprise Aubergines Server - general discussion.
Subject: RE: [Seaside] SSL


 Hmm, that part works great, but css scripts are still imported via http resulting in warnings about unsecure elements.  I'll dig around see if I can find where to fix those, but if you're around, do tell.

________________________________

From: [hidden email] on behalf of Avi Bryant
Sent: Fri 4/28/2006 11:04 AM
To: The Squeak Enterprise Aubergines Server - general discussion.
Subject: Re: [Seaside] SSL




On Apr 28, 2006, at 10:56 AM, Ramon Leon wrote:
>
> Thanks, but can you share the code, or am I in for another night of
> hacking trying to figure out how to modify seasides generated url
> root?

These are from my WASession subclass:

actionUrlForKey: aString
        | url |
        url := super actionUrlForKey: aString.
        self useSSL ifTrue: [url scheme: #https; port: 443].
        ^ url
       
useSSL
        ^ (currentRequest headers includesKey: 'via')

Avi
_______________________________________________
Seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside



_______________________________________________
Seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside