Openbravo Issue Tracking System - Openbravo ERP |
| View Issue Details |
|
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0020923 | Openbravo ERP | J. Demo data | public | 2012-07-03 20:53 | 2012-07-10 10:35 |
|
| Reporter | dmitry_mezentsev | |
| Assigned To | iperdomo | |
| Priority | immediate | Severity | major | Reproducibility | always |
| Status | closed | Resolution | fixed | |
| Platform | | OS | 5 | OS Version | |
| Product Version | 3.0MP12 | |
| Target Version | 3.0MP12.1 | Fixed in Version | | |
| Merge Request Status | |
| Review Assigned To | |
| OBNetwork customer | No |
| Web browser | Google Chrome |
| Modules | Core |
| Support ticket | |
| Regression level | |
| Regression date | |
| Regression introduced in release | |
| Regression introduced by commit | |
| Triggers an Emergency Pack | No |
|
| Summary | 0020923: Un-secure content warning when accessing My Openbravo workspace |
| Description | Un-secure content warning in the browser window (Chrome) when accessing My Openbravo workspace of the instance working using HTTPS. |
| Steps To Reproduce | Openbravo instance running with configured SSL certificate and Chrome / Chromium as a browser.
Login as Openbravo / openbravo and mention warning about un-secure content on the page. |
| Proposed Solution | Workaround for MP12.1 to fix situation with On Demand. Remove Twitter and Facebook widgets from the International Group Admin workspace.
After it priority of the issue can be decreased and widgets themselves should be fixed.
To test the fix please contact SHU or DME, we can help with an instance with proper SSL. |
| Additional Information | |
| Tags | No tags attached. |
| Relationships | |
| Attached Files |  issue20923.diff (30,109) 2012-07-04 14:37
https://issues.openbravo.com/file_download.php?file_id=5350&type=bug |
|
| Issue History |
| Date Modified | Username | Field | Change |
| 2012-07-03 20:53 | dmitry_mezentsev | New Issue | |
| 2012-07-03 20:53 | dmitry_mezentsev | Assigned To | => AugustoMauch |
| 2012-07-03 20:53 | dmitry_mezentsev | Web browser | => Google Chrome |
| 2012-07-03 20:53 | dmitry_mezentsev | Modules | => Core |
| 2012-07-03 20:53 | dmitry_mezentsev | OBNetwork customer | => No |
| 2012-07-04 12:25 | iperdomo | File Added: twitter.html.diff | |
| 2012-07-04 12:51 | iperdomo | Note Added: 0050348 | |
| 2012-07-04 12:52 | iperdomo | Assigned To | AugustoMauch => iperdomo |
| 2012-07-04 12:52 | iperdomo | Status | new => scheduled |
| 2012-07-04 12:52 | iperdomo | fix_in_branch | => pi |
| 2012-07-04 13:41 | iperdomo | File Added: issue20923.diff | |
| 2012-07-04 13:55 | iperdomo | File Deleted: issue20923.diff | |
| 2012-07-04 14:37 | iperdomo | File Added: issue20923.diff | |
| 2012-07-04 14:38 | iperdomo | File Deleted: twitter.html.diff | |
| 2012-07-04 16:36 | hgbot | Checkin | |
| 2012-07-04 16:36 | hgbot | Note Added: 0050353 | |
| 2012-07-04 16:36 | hgbot | Status | scheduled => resolved |
| 2012-07-04 16:36 | hgbot | Resolution | open => fixed |
| 2012-07-04 16:36 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/28f9ecda938f663bd19f8760bc0ec5592d9add29 [^] |
| 2012-07-04 21:52 | shuehner | Note Added: 0050361 | |
| 2012-07-04 21:52 | shuehner | Status | resolved => closed |
| 2012-07-10 10:35 | hudsonbot | Checkin | |
| 2012-07-10 10:35 | hudsonbot | Note Added: 0050422 | |
|
Notes |
|
|
|
The Facebook widget cannot be easily solved.
Using Chrome/Chromium visit:
https://facebookiggadget.appspot.com/ [^]
You'll get a security warning, "Load Anyway"
Check the source code, and you'll find:
<script type="text/javascript" src="http://connect.facebook.net/en_US/all.js"></script> [^]
Instead it should be use:
<script type="text/javascript" src="//connect.facebook.net/en_US/all.js"></script>
Since connect.facebook.net supports HTTPS.
We'll remove the widget and notify the developer |
|
|
|
(0050353)
|
|
hgbot
|
|
2012-07-04 16:36
|
|
Repository: erp/devel/pi
Changeset: 28f9ecda938f663bd19f8760bc0ec5592d9add29
Author: Iván Perdomo <ivan.perdomo <at> openbravo.com>
Date: Wed Jul 04 16:33:31 2012 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/28f9ecda938f663bd19f8760bc0ec5592d9add29 [^]
Fixes issue 20923: Fixes twitter widget and removes Facebook's
- The twitter widget was using http:// to load the widget .js file, now we use the
protocol relative // and delegate request to the browser
- The facebook widget includes a .js file using a hardcoded http:// protocol there
is no way to fix it. We'll notify the developer
---
M modules/org.openbravo.client.widgets/web/org.openbravo.client.widgets/twitter.html
M referencedata/sampledata/F_B_International_Group.xml
---
|
|
|
|
|
Tested with pi (rev: 7ba314cca740) in an instance configured with a proper ssl certificate. Now no 'page contains unsecure content' warnings as shown anymore after login when testing with FF13.0.1, chromium20, IE8).
Reviewing the diff (sampledata data parT) shows only deletion of widget instances related to widgetclass definition for Facebook widget + only parameter deletions related to the uuid's of the deleted widget-instances.
-> Closing |
|
|
|
|
|