Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects versions: 3.2
    • Fix versions: 4.6
    • Components: Backend Software
    • Labels:
      None
    • Severity:
      Incorrectly Functioning With Workaround
    • Steps to reproduce:
      Hide
      Steps to reproduce:
      1. run opencast with only http
      2. use a proxy with https (with server.url correctly configured to point to the proxy address)
      3. log in
       
       Actual Results:
       POST /j_spring_security_check does a 302 redirect to http://server.url/admin-ng/index.html instead of https://server.url/admin-ng/index.html

      This is especially a problem when logging in via ajax in the engage ui as engage thinks the authentication failed because the browser will not redirect to http because of mixed content violation. You are actually logged in despite the error, which manually reloading the page proves.
       
       Expected Results:
       the browser is redirected to https://server.url/admin-ng/index.html thus enabling you to log in.
       
       Workaround (if any):
       configure your proxy to rewrite the response headers for Location: from http to https





      Show
      Steps to reproduce: 1. run opencast with only http 2. use a proxy with https (with server.url correctly configured to point to the proxy address) 3. log in    Actual Results:  POST /j_spring_security_check does a 302 redirect to http://server.url/admin-ng/index.html instead of https://server.url/admin-ng/index.html This is especially a problem when logging in via ajax in the engage ui as engage thinks the authentication failed because the browser will not redirect to http because of mixed content violation. You are actually logged in despite the error, which manually reloading the page proves.    Expected Results:  the browser is redirected to https://server.url/admin-ng/index.html thus enabling you to log in.    Workaround (if any):  configure your proxy to rewrite the response headers for Location: from http to https

      TestRail: Results

        Attachments

          Activity

            People

            • Assignee:
              greg_logan Greg Logan
              Reporter:
              ppettit Paul Pettit
            • Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:

                TestRail: Cases