It is not possible right now but yes I agree we should be able to
access the URL scheme in some way. Please report it to the issue
tracker.
> --
> You received this message because you are subscribed to the Google Groups "play-framework" group.
> To post to this group, send email to play-fr...@googlegroups.com.
> To unsubscribe from this group, send email to play-framewor...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/play-framework?hl=en.
>
--
Guillaume Bort
It looks like the Heroku reverse proxy add the "x-forwarded-proto"
header in the request. So you can check it to determine if the
original request was https.
> --
> You received this message because you are subscribed to the Google Groups
> "play-framework" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/play-framework/-/omkV6a5CFjcJ.
HiIs there any news on functionality to redirect all unsecure traffic to a secure URL? I'm experimenting with Heroku and right now during dev stages I am using the piggyback wildcard-SSL certificate (*.herokuapp.com). The piggyback SSL doesn't set x-forwarded-proto as far as I can see.
BR Magnus Andersson
Den torsdagen den 29:e december 2011 kl. 19:00:16 UTC+1 skrev stephanos:Maybe I just missed it, but how do I enforce HTTPS for certain pages/views?Cheers,Stephan
--
You received this message because you are subscribed to the Google Groups "play-framework" group.
To view this discussion on the web visit https://groups.google.com/d/msg/play-framework/-/PcgcqPUEBacJ.
To post to this group, send email to play-fr...@googlegroups.com.
To unsubscribe from this group, send email to play-framewor...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/play-framework?hl=en.
I am using heroku and I am using their new ssl:endpoint addon. I am able to see the x-forwarded-proto in the headers. i.e in the controller I am able to do
val secure = request.headers.get("x-forwarded-proto") match { case None => false; case Some(protos) => protos.contains("https") }
The problem is on the heroku side, there is no way to enforce only https connections. So, my question is on the play side ( Play 2.0 )
1) how do i restrict only https connections in play. I am sure this is doable, but haven't read all the docs, so am not sure about the canonical way to achieve this without having to specify in every Action.
2) Is it possible to redirect all http connections to https ?
ps: I am surprised by the lack of features on heroku. like there is no auto load balancing based on a configured health check. It seems primitive to me one has to calculate and provision and take down the no of dynos and all that. Lack of ability to specify the protocol such as only https and redirects accordingly. Will have to investigate AWS EBS and Cloud formation for a better solution later.
thanks
Arun
On Sun, Apr 15, 2012 at 7:15 AM, Bjorn Roche <bj...@xowave.com> wrote:
On Apr 15, 2012, at 5:49 AM, Magnus Andersson wrote:HiIs there any news on functionality to redirect all unsecure traffic to a secure URL? I'm experimenting with Heroku and right now during dev stages I am using the piggyback wildcard-SSL certificate (*.herokuapp.com). The piggyback SSL doesn't set x-forwarded-proto as far as I can see.Heroku piggyback most definitely does set x-forwarded-proto. I use this with restlet for my http/https redirects.
BR Magnus Andersson
Den torsdagen den 29:e december 2011 kl. 19:00:16 UTC+1 skrev stephanos:Maybe I just missed it, but how do I enforce HTTPS for certain pages/views?Cheers,Stephan--
You received this message because you are subscribed to the Google Groups "play-framework" group.
To view this discussion on the web visit https://groups.google.com/d/msg/play-framework/-/PcgcqPUEBacJ.
To post to this group, send email to play-framework@googlegroups.com.
To unsubscribe from this group, send email to play-framework+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/play-framework?hl=en.
Audio Collaboration
--
You received this message because you are subscribed to the Google Groups "play-framework" group.
To post to this group, send email to play-framework@googlegroups.com.
To unsubscribe from this group, send email to play-framework+unsubscribe@googlegroups.com.
HiI have written the following (which is basically an equivalent of James's trait) in Java :public class ForceHttps extends Action.Simple{private static String SSL_HEADER_CLOUD_FOUNDRY = "SSLSESSIONID";@Overridepublic Result call(Context ctx) throws Throwable {if(!isHttpsRequest(ctx.request())){return redirect("https://" + ctx.request().host() + ctx.request().uri());}return delegate.call(ctx);}private boolean isHttpsRequest(Request request){if(Play.isDev()){return true;}if(StringUtils.isNotEmpty(request.getHeader(SSL_HEADER_CLOUD_FOUNDRY))){return true;}return false;}}You can then use that on your controllers with the "With" annotation :@With(ForceHttps.class)public class Application extends Controller {...}I haven't found a way to apply this to all my controllers automatically though, so it's not perfect but it does the job for me for the moment.