Support #857
closed
Redmine integration in the Parthenos VRE: redirect does not work
Added by Alessia Bardi over 9 years ago. Updated over 9 years ago.
100%
Description
I commented on a ticket for the Parthenos project from the Redmine integrated into the VRE.
When I saved the comment it tried to redirect me to "https://services.d4science.org/group/parthenos/issue-tracker#https://services.d4science.org/c/iframe/proxy?p_l_id=868301&p_p_id=48_INSTANCE_lG4b&".
The web page tells me "You are being redirected." but that's not true :)
The same happens if I create a new ticket.
If you want to reproduce/test, you can use ticket #856.
Updated by Massimiliano Assante over 9 years ago
- Assignee changed from Massimiliano Assante to Luca Frosini
- Priority changed from Normal to High
I was able to reproduce the problem with Chrome (clicking submit button does not give any feedback to the user but the comment is submitted correctly).
In Firefox, on submit you are not redirected: it says "You are being redirected" and stops. In Safari all good.
Forgot to mention that all of this happens only when Redmine is i-framed. It works if used outside the iframe. I suspect Chrome and Firefox use some sort of security checks not allowing the submit if the URL is different from the one of the source page.
Luca Frosini, could you please check what could be the problem?
Updated by Massimiliano Assante over 9 years ago
Given my comment above, Pasquale Pagano, this is definitely a problem for us. If my suspicion is confirmed (Chrome and Firefox use some sort of security checks on submits) we may have to remove the Redmine-into-VRE integration.
Updated by Pasquale Pagano over 9 years ago
we need to understand how to do it ... more than remove from the VRE
Updated by Luca Frosini over 9 years ago
I have the same situation in Firefox on Ubuntu.
I think it is a security issue of the browser. Try to check on Google for this kind of issue; maybe it is something related to "cross-origin".
Updated by Massimiliano Assante over 9 years ago
- Status changed from New to In Progress
- Assignee changed from Luca Frosini to Massimiliano Assante
- Priority changed from High to Urgent
It's not the cross-origin. It's the mixed active content issue (https vs. http). I'll try to explain what happens with this example:
Suppose you're commenting on issue #856: when you click on commit, Redmine redirects to http://support.d4science.org/issues/856 instead of httpS://support.d4science.org...
Here's the Firefox console:
Bloccato il caricamento di contenuto misto attivo (mixed active content) “http://support.d4science.org/issues/856”
I'm not sure, but perhaps a rewrite rule on the Redmine apache2 reverse proxy (do we have that?) may solve the issue. Something like: whenever I get http://support.d4science.org, move it to https://support.d4science.org
Andrea Dell'Amico Tommaso Piccioli what do you think?
Also, it is weird we just found out now.
Updated by Andrea Dell'Amico over 9 years ago
We already have a reverse proxy, the ruby container cannot live without it. And there's a permanent redirection to the ssl enabled site:
Redirect permanent / https://support.d4science.org/
What it seems to me is that the portal is calling http URLs, so the 'mixed active content' issue happens before the redirection to the https site.
Updated by Massimiliano Assante over 9 years ago
What do you mean by the portal? You mean Liferay?
Updated by Massimiliano Assante over 9 years ago
Liferay is not involved. See below
In short: first an HTTP POST over HTTPS with the comment payload is made, right after that a GET over HTTP to show the commit result, then the reverse proxy answers 301 Moved Permanently and another GET over HTTPS is performed. Problem is that Firefox and Chrome block the GET over HTTP.
Here is the sequence of what happens when you click commit on a comment (with or without Iframe).
POST 856 | https://support.d4science.org | 146.48.122.8:443 | 302 Found
GET 856 | http://support.d4science.org | 146.48.122.8:80 | 301 Moved Permanently
GET 856 | https://support.d4science.org | 146.48.122.8:443 | 200 OK
Updated by Luca Frosini over 9 years ago
The problem is in Redmine. If you try to use it outside of the portal you have the same behaviour (mixed active content). The behaviour is blocked by the browser for security issues in iframes.
Updated by Massimiliano Assante over 9 years ago
Luca Frosini wrote:
The problem is in Redmine. If you try to use it outside of the portal you have the same behaviour (mixed active content). The behaviour is blocked by the browser for security issues in iframes.
Indeed, that is what I meant before. We should modify Redmine somehow to make all the requests over https; not sure how to do this, any hint?
Updated by Andrea Dell'Amico over 9 years ago
Massimiliano Assante wrote:
Luca Frosini wrote:
The problem is in Redmine. If you try to use it outside of the portal you have the same behaviour (mixed active content). The behaviour is blocked by the browser for security issues in iframes.
Indeed, that is what I meant before. We should modify Redmine somehow to make all the requests over https; not sure how to do this, any hint?
Redmine is already configured to use https as a protocol (administration -> settings) and the redirect rule should deal with all the non-encrypted http requests.
Logging is now split between encrypted and not encrypted traffic so that we can investigate better.
Updated by Luca Frosini over 9 years ago
Even if we have the right https url, maybe a solution can be this:
This happens when Apache is sending requests to a backend server, like mongrel or thin. Apache isn't telling the backend server to use https, so the links are generated incorrectly. Add the following configuration to Apache:
RequestHeader set X_FORWARDED_PROTO 'https'
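The effect of the header proposed above, and the downgrade hop in the request sequence posted earlier in the thread, as an added example that is not part of the original thread and is not Redmine's or Rack's own code: a simplified Ruby model of a backend choosing the scheme for its redirect, plus a check that flags HTTPS-to-HTTP hops. The function names, the env hashes and the POST URL are assumptions constructed for illustration.

```ruby
require 'uri'

# Simplified model (an assumption, not Redmine's or Rack's code) of how a
# backend behind a TLS-terminating proxy picks the scheme for absolute URLs.
# A request header named X_FORWARDED_PROTO or X-Forwarded-Proto reaches the
# application under the CGI-style key HTTP_X_FORWARDED_PROTO.
def backend_scheme(env)
  forwarded = env['HTTP_X_FORWARDED_PROTO'].to_s.split(',').first.to_s.strip.downcase
  return forwarded if %w[http https].include?(forwarded)
  env.fetch('rack.url_scheme', 'http') # scheme of the proxy-to-backend hop
end

# Location header the backend would send after a successful POST.
def redirect_location(env, path)
  "#{backend_scheme(env)}://#{env.fetch('HTTP_HOST')}#{path}"
end

# Return every hop where an HTTPS response points the browser at a plain-HTTP
# URL: the request Firefox and Chrome block as mixed active content.
def downgrade_hops(chain)
  chain.select do |hop|
    next false unless hop[:location]
    URI(hop[:url]).scheme == 'https' && URI(hop[:location]).scheme == 'http'
  end
end

# Constructed sample: what the backend sees from the proxy before and after
# the RequestHeader line is added to Apache.
BEFORE_ENV = { 'HTTP_HOST' => 'support.d4science.org', 'rack.url_scheme' => 'http' }.freeze
AFTER_ENV  = BEFORE_ENV.merge('HTTP_X_FORWARDED_PROTO' => 'https').freeze

# Constructed one-hop chain modelled on the POST / 302 step in the thread.
def chain_for(env)
  [{ method: 'POST', url: 'https://support.d4science.org/issues/856', status: 302,
     location: redirect_location(env, '/issues/856') }]
end

if __FILE__ == $PROGRAM_NAME
  [['without header', BEFORE_ENV], ['with header', AFTER_ENV]].each do |label, env|
    bad = downgrade_hops(chain_for(env))
    puts "#{label}: Location=#{redirect_location(env, '/issues/856')} downgrades=#{bad.size}"
  end
end
```

The port-80 redirect to HTTPS cannot repair the first case, because the browser blocks the HTTP request before the 301 is ever received.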
Updated by Andrea Dell'Amico over 9 years ago
- Category set to System Application
- Status changed from In Progress to Feedback
- Assignee changed from Massimiliano Assante to _InfraScience Systems Engineer
- % Done changed from 0 to 80
It seems it's working; I didn't see an HTTP post for my action.
Updated by Andrea Dell'Amico over 9 years ago
Let me know if you prefer to switch from http to https with a rewrite rule or a redirect one.
Updated by Massimiliano Assante over 9 years ago
- Category deleted (System Application)
- Assignee changed from _InfraScience Systems Engineer to Massimiliano Assante
- % Done changed from 80 to 90
Problem seems solved, Alessia Bardi can you double check?
Updated by Alessia Bardi over 9 years ago
- Status changed from Feedback to Resolved
I confirm it works now on both Firefox and Chrome. Thanks
Updated by Massimiliano Assante over 9 years ago
- Status changed from Resolved to Closed
- % Done changed from 90 to 100