Details
-
Bug
-
Status: Open
-
Minor
-
Resolution: Unresolved
-
7.8.0
-
None
-
None
Description
I'm using SecuredRemoteAddressRequestWrapperFactory and what I get is:
2017-08-08 09:07:53.460 DEBUG 3851 --- [nio-8080-exec-3] ecuredRemoteAddressRequestWrapperFactory : Incoming request uri=/id/cari-wanita/di/Kota%20Malang,%20Jawa%20Timur,%20Republic%20of%20Indonesia with originalSecure='false', remoteAddr='127.0.0.1' will be seen with newSecure='false'
Since remoteAddr is 127.* then it should be treated as secure, per documentation.
This code in SecuredRemoteAddressRequestWrapperFactory is probably buggy: (i.e. need to remove ==false)
@Override public boolean needsWrapper(final HttpServletRequest request) { return !request.isSecure() && matchesOne(request.getRemoteAddr(), config.securedRemoteAddresses) == false; }
Additionally, newSecure = should be xRequest.isSecure() :
HttpServletRequest xRequest = super.getWrapper(request); if (log.isDebugEnabled()) { log.debug("Incoming request uri=" + request.getRequestURI() + " with originalSecure='" + request.isSecure() + "', remoteAddr='" + request.getRemoteAddr() + "' will be seen with newSecure='" + request.isSecure() + "'"); }
Related to WICKET-3015.
Tag jdonnerstag pete