ID | 0024795
Type | Category | Severity | Reproducibility | Date Submitted | Last Update
defect | [Openbravo ERP] A. Platform | minor | have not tried | 2013-09-19 13:13 | 2022-02-01 08:05
Reporter | adrianromero | View Status | public
Assigned To | Triage Platform Base
Priority | normal | Resolution | open | Fixed in Version |
Status | acknowledged | Fix in branch | | Fixed in SCM revision |
Projection | none | ETA | none | Target Version |
OS | Any | Database | Any | Java version |
OS Version | | Database version | | Ant version |
Product Version | | SCM revision |
Review Assigned To |
Web browser |
Modules | Core
Regression level |
Regression date |
Regression introduced in release |
Regression introduced by commit |
Triggers an Emergency Pack | No
Summary | 0024795: If Openbravo is behind a proxy server that uses https, the login page is forwarded with protocol http.
Description | In the case where there is a proxy server that exposes the Openbravo application using the https protocol, but requests to Openbravo from the proxy use http, then during the login process Openbravo sends a redirection to the menu with the protocol http, sending the username and password in the clear over the net. This is because, when redirecting to the menu, Openbravo builds an absolute URL using the request, which is http, not https.
Steps To Reproduce | In description
Proposed Solution | Instead of building an absolute URL, build a relative URL in redirections. Attached is a fix for the case of the redirection in the login process only.
Tags | No tags attached.
Attached Files | Fix-24795.patch (4,723 bytes) 2013-09-19 13:14
Notes
(0081704) shuehner (administrator) 2015-11-11 13:14
Note: there is probably a server config bug involved, as when SSL termination is done not in Tomcat itself but in some other software in front of it, you need to configure that software properly to tell Tomcat that the outside global URL is with SSL. When done correctly, Openbravo will work just fine (i.e. running live like that in all of ondemand). Note: that does not invalidate this issue, as not relying on this in some code makes it more robust against that wrong-configuration problem.
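Added example (not part of the issue, its notes or the attached patch): a self-contained Java model of the behaviour described above, showing what the browser does with an absolute Location built from the backend request versus a path-only Location. The class, the record, the host name, the context path and the page name are constructed for illustration; it assumes the proxy preserves the Host header and passes the Location value through unchanged.

```java
import java.net.URI;

public class RedirectBehindProxy {
    // What the application server sees for a request the proxy forwarded over plain http.
    record BackendRequest(String scheme, String host, int port, String contextPath) {}

    // Behaviour described in the issue: absolute URL assembled from the backend request.
    static String absoluteLocation(BackendRequest r, String page) {
        boolean defaultPort = ("http".equals(r.scheme()) && r.port() == 80)
                || ("https".equals(r.scheme()) && r.port() == 443);
        return r.scheme() + "://" + r.host() + (defaultPort ? "" : ":" + r.port())
                + r.contextPath() + page;
    }

    // Proposed solution: a path-only Location that carries no scheme or host.
    static String relativeLocation(BackendRequest r, String page) {
        return r.contextPath() + page;
    }

    // A browser resolves the Location header against the URL it actually requested.
    static URI followedByBrowser(URI requested, String location) {
        return requested.resolve(location);
    }

    // True when following the redirect takes an https session onto another scheme.
    static boolean leavesHttps(URI requested, URI next) {
        return "https".equals(requested.getScheme()) && !"https".equals(next.getScheme());
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from Openbravo.
        URI browserUrl = URI.create("https://erp.example.com/openbravo/login");
        BackendRequest seen = new BackendRequest("http", "erp.example.com", 80, "/openbravo");
        String page = "/menu.html";

        String[] candidates = { absoluteLocation(seen, page), relativeLocation(seen, page) };
        for (String location : candidates) {
            URI next = followedByBrowser(browserUrl, location);
            System.out.printf("Location: %-42s -> %s%s%n", location, next,
                    leavesHttps(browserUrl, next) ? "  [leaves https]" : "");
        }
    }
}
```

The same `leavesHttps` check can be applied to the Location header of a login response observed through the proxy to confirm whether a deployment is affected.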
Issue History
Date Modified | Username | Field | Change |
2013-09-19 13:13 | adrianromero | New Issue | |
2013-09-19 13:13 | adrianromero | Assigned To | => AugustoMauch |
2013-09-19 13:13 | adrianromero | Modules | => Core |
2013-09-19 13:13 | adrianromero | Triggers an Emergency Pack | => No |
2013-09-19 13:14 | adrianromero | File Added: Fix-24795.patch | |
2013-09-19 13:30 | shuehner | Issue Monitored: shuehner | |
2015-03-17 14:37 | alostale | Assigned To | AugustoMauch => platform |
2015-11-11 11:30 | alostale | Priority | urgent => normal |
2015-11-11 11:30 | alostale | Severity | major => minor |
2015-11-11 11:30 | alostale | Status | new => acknowledged |
2015-11-11 13:14 | shuehner | Note Added: 0081704 | |
2022-02-01 08:05 | alostale | Assigned To | platform => Triage Platform Base |