-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44966/
-----------------------------------------------------------

Review request for Ambari, Alexandr Antonenko and Denys Buzhor.


Bugs: AMBARI-15319
    https://issues.apache.org/jira/browse/AMBARI-15319


Repository: ambari


Description
-------

Install latest Ambari trunk build.
Open Ambari web using IE. In the Admin view, click on Sign out.
The login page is displayed briefly and then the page returns to the Admin view.
This works fine on FF and Chrome.

This seems to be happening because of the additional parameters added to the 
url in signout() method in 
ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Auth.js

// Workaround for sign off within Basic Authorization
      var origin = $window.location.protocol + '//' + Date.now() + ':' + 
Date.now() + '@' +
            $window.location.hostname + ($window.location.port ? ':' + 
$window.location.port : '');
      return $http({
        method: 'GET',
        url: origin + Settings.baseUrl + '/logout'
      });

This causes an exception in IE (A security problem occurred.) when executing 
urlParsingNode.setAttribute("href", href); 

As a result, the server side performLogout method is not invoked and after 
temporarily displaying the login page, the user is brought back in to the 
Dashboard.

To fix this, we will instead pass an invalid username and password in the 
request header.

//use an invalid username and password in the request header
      $http.defaults.headers.common['Authorization'] = 'Basic ' + 
btoa('invalid_username:password');
      return $http({
        method: 'GET',
        url: Settings.baseUrl + '/logout'
       });


Diffs
-----

  ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Auth.js 
14c04c1 

Diff: https://reviews.apache.org/r/44966/diff/


Testing
-------

Manually tested fix on IE, Chrome and FF.


Thanks,

Sangeeta Ravindran

Reply via email to