Seaside 2.8 and Apache2

I've found a peculiar problem in running
Seaside 2.8 with Apache2...

It seems to be related to SSL. The symptom is: when I click on the submit button, I get a Security Warning from the Firefox browser (I've tried both Firefox and Opera) saying "Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party". Then when I click on "continue", the session seems to be expired which then throws me back to my home page.

I've simplified the problem by creating a very simple app called Fred. Here's the fileout:

WAComponent subclass: #Flintstone
    instanceVariableNames: ''
    classVariableNames: ''
    poolDictionaries: ''
    category: 'RKE-test'!
!Flintstone methodsFor: 'as yet unclassified' stamp: 'RKE 11/13/2007 22:43'!
renderContentOn: html
    html heading level: 2; with: 'A Form'.
    html form:
            [html text: 'your name'.
            html textInput.
            html break.
            html submitButton on: #save of: self]! !
!Flintstone methodsFor: 'as yet unclassified' stamp: 'RKE 11/13/2007 22:31'!
save
    Transcript cr; show: 'saving...'! !

WAComponent subclass: #Fred
    instanceVariableNames: ''
    classVariableNames: ''
    poolDictionaries: ''
    category: 'RKE-test'!
!Fred methodsFor: 'as yet unclassified' stamp: 'RKE 11/13/2007 22:40'!
renderContentOn: html
    html heading level: 1; with: 'Testing'.
    html anchor callback: [self call: Flintstone new]; with: 'Bedrock'! !
"-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- "!
Fred class
    instanceVariableNames: ''!
!Fred class methodsFor: 'as yet unclassified' stamp: 'RKE 11/13/2007 20:30'!
canBeRoot
    ^true! !

Here's the modified httpd.conf file to run Fred:

LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so
LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so

ServerName www.goodsexnetwork.com
NameVirtualHost 192.168.1.101:80
<virtualhost 192.168.1.101:80>
ServerName www.goodsexnetwork.com
RewriteEngine on
ProxyRequests off
DocumentRoot /var/www
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule ^/(.*)$ <a href="https://%">https://%{SERVER_NAME}/$1 [L,R]
</virtualhost>

NameVirtualHost 192.168.1.101:443
<virtualhost 192.168.1.101:443>
ServerName www.goodsexnetwork.com
RewriteEngine on
ProxyRequests off
ProxyPreserveHost on
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.pem
DocumentRoot /var/www/ssl
ProxyPass /seaside/fred http://localhost:9090/seaside/fred
ProxyPassReverse /seaside/fred http://localhost:9090/seaside/fred
RewriteRule ^/$ http://localhost:9090/seaside/fred/$1 [P,L]
</virtualhost>


I tested Fred on both Seaside 2.7 and 2.8. In Seaside 2.7, I don't get the Security Warning and the app works perfectly. In Seaside 2.8, I get the Security Warning and the app expires the session on "submit".

In Seaside 2.7, the #save method writes to the Transcript. In Seaside 2.8, it doesn't, thereby proving that #save doesn't even get executed.

Like I said, very peculiar. I just don't understand what's going on and I'm afraid I may have to fall back to Seaside 2.7.


More info: with Seaside 2.8, if I move

DocumentRoot /var/www/ssl

ProxyPass /seaside/fred http://localhost:9090/seaside/fred

ProxyPassReverse /seaside/fred http://localhost:9090/seaside/fred

RewriteRule ^/$ http://localhost:9090/seaside/fred/$1 [P,L]

into the 192.168.1.101:80 Virtual Host, thereby circumventing SSL, there is no problem. So this is absolutely related to SSL.

Regards,
Richard


_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside

Seaside needs to know that its hosted behind ssl, did you set the #serverProtocol to be #https?

Cheers!

-Boris
(Sent from a BlackBerry)

----- Original Message -----
From: [hidden email] <[hidden email]>
To: [hidden email] <[hidden email]>
Sent: Tue Nov 13 21:02:19 2007
Subject: [Seaside] Seaside 2.8 and Apache2

I've found a peculiar problem in running
Seaside 2.8 with Apache2...

It seems to be related to SSL. The symptom is: when I click on the submit button, I get a Security Warning from the Firefox browser (I've tried both Firefox and Opera) saying "Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party". Then when I click on "continue", the session seems to be expired which then throws me back to my home page.

I've simplified the problem by creating a very simple app called Fred. Here's the fileout:

WAComponent subclass: #Flintstone
    instanceVariableNames: ''
    classVariableNames: ''
    poolDictionaries: ''
    category: 'RKE-test'!
!Flintstone methodsFor: 'as yet unclassified' stamp: 'RKE 11/13/2007 22:43'!
renderContentOn: html
    html heading level: 2; with: 'A Form'.
    html form:
            [html text: 'your name'.
            html textInput.
            html break.
            html submitButton on: #save of: self]! !
!Flintstone methodsFor: 'as yet unclassified' stamp: 'RKE 11/13/2007 22:31'!
save
    Transcript cr; show: 'saving...'! !

WAComponent subclass: #Fred
    instanceVariableNames: ''
    classVariableNames: ''
    poolDictionaries: ''
    category: 'RKE-test'!
!Fred methodsFor: 'as yet unclassified' stamp: 'RKE 11/13/2007 22:40'!
renderContentOn: html
    html heading level: 1; with: 'Testing'.
    html anchor callback: [self call: Flintstone new]; with: 'Bedrock'! !
"-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- "!
Fred class
    instanceVariableNames: ''!
!Fred class methodsFor: 'as yet unclassified' stamp: 'RKE 11/13/2007 20:30'!
canBeRoot
    ^true! !

Here's the modified httpd.conf file to run Fred:

LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so
LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so

ServerName www.goodsexnetwork.com
NameVirtualHost 192.168.1.101:80
<virtualhost 192.168.1.101:80>
ServerName www.goodsexnetwork.com
RewriteEngine on
ProxyRequests off
DocumentRoot /var/www
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule ^/(.*)$ <A HREF="https://%">https://%{SERVER_NAME}/$1 [L,R]
</virtualhost>

NameVirtualHost 192.168.1.101:443
<virtualhost 192.168.1.101:443>
ServerName www.goodsexnetwork.com
RewriteEngine on
ProxyRequests off
ProxyPreserveHost on
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.pem
DocumentRoot /var/www/ssl
ProxyPass /seaside/fred http://localhost:9090/seaside/fred
ProxyPassReverse /seaside/fred http://localhost:9090/seaside/fred
RewriteRule ^/$ http://localhost:9090/seaside/fred/$1 [P,L]
</virtualhost>


I tested Fred on both Seaside 2.7 and 2.8. In Seaside 2.7, I don't get the Security Warning and the app works perfectly. In Seaside 2.8, I get the Security Warning and the app expires the session on "submit".

In Seaside 2.7, the #save method writes to the Transcript. In Seaside 2.8, it doesn't, thereby proving that #save doesn't even get executed.

Like I said, very peculiar. I just don't understand what's going on and I'm afraid I may have to fall back to Seaside 2.7.


More info: with Seaside 2.8, if I move

DocumentRoot /var/www/ssl

ProxyPass /seaside/fred http://localhost:9090/seaside/fred

ProxyPassReverse /seaside/fred http://localhost:9090/seaside/fred

RewriteRule ^/$ http://localhost:9090/seaside/fred/$1 [P,L]

into the 192.168.1.101:80 Virtual Host, thereby circumventing SSL, there is no problem. So this is absolutely related to SSL.

Regards,
Richard


_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside

_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside

_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside