URL: https://github.com/freeipa/freeipa/pull/2745
Author: stanislavlevin
Title: #2745: [WebUI] Don't use cross-origin request
Action: opened

PR body:
"""
The 'Origin' of the IPA login page is 'httpS://xxx', but the 'configured' link
has a URL like 'http://xxx/ssbrowser.html'.

Since the IPA web server doesn't use any kind of Access-Control-Allow-Origin
rules, Mozilla Firefox blocks the cross-origin request due to the Same Origin
policy violation.

So, just follow the Same Origin policy.

Fixes: https://pagure.io/freeipa/issue/7832
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2745/head:pr2745
git checkout pr2745

From f833f694e01d30cb45f878826be442ac4d7c4349 Mon Sep 17 00:00:00 2001
From: Stanislav Levin <s...@altlinux.org>
Date: Fri, 11 Jan 2019 11:05:26 +0300
Subject: [PATCH] Don't use cross-origin request

The 'Origin' of the IPA login page is 'httpS://xxx', but the 'configured' link
has a URL like 'http://xxx/ssbrowser.html'.

Since the IPA web server doesn't use any kind of Access-Control-Allow-Origin
rules, Mozilla Firefox blocks the cross-origin request due to the Same Origin
policy violation.

So, just follow the Same Origin policy.

Fixes: https://pagure.io/freeipa/issue/7832
Signed-off-by: Stanislav Levin <s...@altlinux.org>
---
 install/ui/src/freeipa/widgets/LoginScreen.js | 2 +-
 ipaserver/plugins/internal.py                 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/install/ui/src/freeipa/widgets/LoginScreen.js b/install/ui/src/freeipa/widgets/LoginScreen.js
index b4af193bb8..ef9aaae165 100644
--- a/install/ui/src/freeipa/widgets/LoginScreen.js
+++ b/install/ui/src/freeipa/widgets/LoginScreen.js
@@ -60,7 +60,7 @@ define(['dojo/_base/declare',
         kerberos_msg: "<i class=\"fa fa-info-circle\"></i> To log in with " +
             "<strong>Kerberos</strong>, please make sure you" +
             " have valid tickets (obtainable via kinit) and <a href=" +
-            "'http://${host}/ipa/config/ssbrowser.html'>configured</a>" +
+            "'https://${host}/ipa/config/ssbrowser.html'>configured</a>" +
             " the browser correctly, then click Login. ",
         cert_msg: "<i class=\"fa fa-info-circle\"></i> To log in with " +
             "<strong>certificate</strong>, please make sure you have valid " +
diff --git a/ipaserver/plugins/internal.py b/ipaserver/plugins/internal.py
index 9ed44ccfaf..cad70054a5 100644
--- a/ipaserver/plugins/internal.py
+++ b/ipaserver/plugins/internal.py
@@ -389,7 +389,7 @@ class i18n_messages(Command):
             "krb_auth_msg": _(
                 "<i class=\"fa fa-info-circle\"></i> To log in with "
                 "<strong>Kerberos</strong>, please make sure you have valid "
-                "tickets (obtainable via kinit) and <a href='http://${host}/";
+                "tickets (obtainable via kinit) and <a href='https://${host}/";
                 "ipa/config/ssbrowser.html'>configured</a> the browser "
                 "correctly, then click 'Log in'."),
             "loading": _("Loading"),
_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org