玩！ Heroku上的框架：validation.keep（）不适用于HTTPS [英] Play! Framework on Heroku: validation.keep() isn't working over HTTPS

问题描述

我使用Heroku来部署我的Play！框架应用。我有一个使用
$ b

 标准结构的表单。 
} 
 
 public static void handleForm（@Required param，@Required otherParam等）{
 if（validation.hasErrors（））{
 validation.keep ）; 
 showForm（）; 
} else {
 //处理表单参数
} 
} 
  

这可以正常工作：

• 运行HTTP的机器位于 localhost：9000 www.myapp.com
中运行HTTP的

• 
  
• 开发机器运行HTTPS at localhost：9443

但是，对于Heroku通过使用基于主机名的SSL在 secure.myapp.com 上的HTTPS，验证不会显示。我认为问题在于 validation.keep（）不起作用。

如果 validation.keep（）生成一个cookie，问题与 www.myapp.com 和<$ c之间的区别有关$ c> secure.myapp.com ，那么我可能会遇到更深层的问题，因为：

• 我已经拥有 application.defaultCookieDomain = .myapp.com ，根据
  
• 我认为GET和POST都是通过HTTPS进行的，所以我认为他们有这个问题。同样的域名无论如何...
  
  
  
  
  • 表单的GET肯定是通过HTTPS
  
  
  • 处理表单数据时，结果肯定是通过HTTPS显示的
  
  
  • 我猜可能是POST发生在HTTP上（因此 www。* 而不是 secure。* ，但我不确定如何检查）。
  
  

任何人有什么猜错？

解决方案

目前在heroku上的ssl（x-forwarded-proto）支持上存在不兼容性，导致所有请求被视为不安全。

https://play.lighthouseapp.com/projects/57987/tickets/1385-requests-are-never-secure-on-heroku-when-using- ssl

所以，这可能与您的浏览器发回的cookies有关？

I'm using Heroku to deploy my Play! framework app. I have a form that uses the standard structure of

public static void showForm() {
    render();
}

public static void handleForm(@Required param, @Required otherParam, etc) {
    if (validation.hasErrors()) {
        validation.keep();
        showForm();
    } else {
        //process form parameters
    }
}

This works fine on:

• dev machine running HTTP at localhost:9000
• heroku running HTTP at www.myapp.com
• dev machine running HTTPS at localhost:9443

However, for forms that do this on Heroku over HTTPS at secure.myapp.com using hostname-based SSL, the validations don't show up. I think the problem is that validation.keep() isn't working.

If validation.keep() makes a cookie, and the problem has something to do with the difference between www.myapp.com and secure.myapp.com, then I might have a deeper problem because:

• I already have application.defaultCookieDomain=.myapp.com, as per this question.
• I think that both the GET and the POST are happening over HTTPS, so I think they have the same domain anyway...
  • The form's GET is definitely over HTTPS
  • When the form's data is processed, its result is definitely shown over HTTPS
  • I guess it's possible that the POST is happening over HTTP (and thus www.* instead of secure.*, but I'm not sure how to check).

Anybody have any guesses as to what's going wrong?

解决方案

There is currently an incompatibility in the ssl (x-forwarded-proto) support for play on heroku that causes all requests to be considered insecure.

https://play.lighthouseapp.com/projects/57987/tickets/1385-requests-are-never-secure-on-heroku-when-using-ssl

So maybe this is related to the cookies your browser is sending back?

这篇关于玩！ Heroku上的框架：validation.keep（）不适用于HTTPS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！