Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0020923
TypeCategorySeverityReproducibilityDate SubmittedLast Update
defect[Openbravo ERP] J. Demo datamajoralways2012-07-03 20:532012-07-10 10:35
Reporterdmitry_mezentsevView Statuspublic 
Assigned Toiperdomo 
PriorityimmediateResolutionfixedFixed in Version
StatusclosedFix in branchpiFixed in SCM revision28f9ecda938f
ProjectionnoneETAnoneTarget Version3.0MP12.1
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product Version3.0MP12SCM revision 
Review Assigned To
Web browserGoogle Chrome
ModulesCore
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0020923: Un-secure content warning when accessing My Openbravo workspace

DescriptionUn-secure content warning in the browser window (Chrome) when accessing My Openbravo workspace of the instance working using HTTPS.
Steps To ReproduceOpenbravo instance running with configured SSL certificate and Chrome / Chromium as a browser.

Login as Openbravo / openbravo and mention warning about un-secure content on the page.
Proposed SolutionWorkaround for MP12.1 to fix situation with On Demand. Remove Twitter and Facebook widgets from the International Group Admin workspace.

After it priority of the issue can be decreased and widgets themselves should be fixed.

To test the fix please contact SHU or DME, we can help with an instance with proper SSL.
TagsNo tags attached.
Attached Filesdiff file icon issue20923.diff [^] (30,109 bytes) 2012-07-04 14:37 [Show Content]

- Relationships Relation Graph ] Dependency Graph ]

-  Notes
(0050348)
iperdomo (developer)
2012-07-04 12:51

The Facebook widget cannot be easily solved.
Using Chrome/Chromium visit:
https://facebookiggadget.appspot.com/ [^]

You'll get a security warning, "Load Anyway"
Check the source code, and you'll find:
<script type="text/javascript" src="http://connect.facebook.net/en_US/all.js"></script> [^]

Instead it should be use:
<script type="text/javascript" src="//connect.facebook.net/en_US/all.js"></script>

Since connect.facebook.net supports HTTPS.

We'll remove the widget and notify the developer
(0050353)
hgbot (developer)
2012-07-04 16:36

Repository: erp/devel/pi
Changeset: 28f9ecda938f663bd19f8760bc0ec5592d9add29
Author: Iván Perdomo <ivan.perdomo <at> openbravo.com>
Date: Wed Jul 04 16:33:31 2012 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/28f9ecda938f663bd19f8760bc0ec5592d9add29 [^]

Fixes issue 20923: Fixes twitter widget and removes Facebook's
- The twitter widget was using http:// to load the widget .js file, now we use the
  protocol relative // and delegate request to the browser
- The facebook widget includes a .js file using a hardcoded http:// protocol there
  is no way to fix it. We'll notify the developer

---
M modules/org.openbravo.client.widgets/web/org.openbravo.client.widgets/twitter.html
M referencedata/sampledata/F_B_International_Group.xml
---
(0050361)
shuehner (administrator)
2012-07-04 21:52

Tested with pi (rev: 7ba314cca740) in an instance configured with a proper ssl certificate. Now no 'page contains unsecure content' warnings as shown anymore after login when testing with FF13.0.1, chromium20, IE8).

Reviewing the diff (sampledata data parT) shows only deletion of widget instances related to widgetclass definition for Facebook widget + only parameter deletions related to the uuid's of the deleted widget-instances.

-> Closing
(0050422)
hudsonbot (developer)
2012-07-10 10:35

A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/9f5eedec4e1a [^]

Maturity status: Test

- Issue History
Date Modified Username Field Change
2012-07-03 20:53 dmitry_mezentsev New Issue
2012-07-03 20:53 dmitry_mezentsev Assigned To => AugustoMauch
2012-07-03 20:53 dmitry_mezentsev Web browser => Google Chrome
2012-07-03 20:53 dmitry_mezentsev Modules => Core
2012-07-04 12:25 iperdomo File Added: twitter.html.diff
2012-07-04 12:51 iperdomo Note Added: 0050348
2012-07-04 12:52 iperdomo Assigned To AugustoMauch => iperdomo
2012-07-04 12:52 iperdomo Status new => scheduled
2012-07-04 12:52 iperdomo fix_in_branch => pi
2012-07-04 13:41 iperdomo File Added: issue20923.diff
2012-07-04 13:55 iperdomo File Deleted: issue20923.diff
2012-07-04 14:37 iperdomo File Added: issue20923.diff
2012-07-04 14:38 iperdomo File Deleted: twitter.html.diff
2012-07-04 16:36 hgbot Checkin
2012-07-04 16:36 hgbot Note Added: 0050353
2012-07-04 16:36 hgbot Status scheduled => resolved
2012-07-04 16:36 hgbot Resolution open => fixed
2012-07-04 16:36 hgbot Fixed in SCM revision => http://code.openbravo.com/erp/devel/pi/rev/28f9ecda938f663bd19f8760bc0ec5592d9add29 [^]
2012-07-04 21:52 shuehner Note Added: 0050361
2012-07-04 21:52 shuehner Status resolved => closed
2012-07-10 10:35 hudsonbot Checkin
2012-07-10 10:35 hudsonbot Note Added: 0050422


Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker