> On March 21, 2016, 5:03 p.m., Alexandr Antonenko wrote:
> > Ship It!

Thanks Alexander. Can you please help push the fix?


- Sangeeta


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44966/#review124579
-----------------------------------------------------------


On March 18, 2016, 4:52 p.m., Sangeeta Ravindran wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/44966/
> -----------------------------------------------------------
> 
> (Updated March 18, 2016, 4:52 p.m.)
> 
> 
> Review request for Ambari, Alexandr Antonenko and Denys Buzhor.
> 
> 
> Bugs: AMBARI-15319
>     https://issues.apache.org/jira/browse/AMBARI-15319
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Install latest Ambari trunk build.
> Open Ambari web using IE. In the Admin view, click on Sign out.
> The login page is displayed briefly and then the page returns to the Admin 
> view.
> This works fine on FF and Chrome.
> 
> This seems to be happening because of the additional parameters added to the 
> url in signout() method in 
> ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Auth.js
> 
> // Workaround for sign off within Basic Authorization
>       var origin = $window.location.protocol + '//' + Date.now() + ':' + 
> Date.now() + '@' +
>             $window.location.hostname + ($window.location.port ? ':' + 
> $window.location.port : '');
>       return $http({
>         method: 'GET',
>         url: origin + Settings.baseUrl + '/logout'
>       });
> 
> This causes an exception in IE (A security problem occurred.) when executing 
> urlParsingNode.setAttribute("href", href); 
> 
> As a result, the server side performLogout method is not invoked and after 
> temporarily displaying the login page, the user is brought back in to the 
> Dashboard.
> 
> To fix this, we will instead pass an invalid username and password in the 
> request header.
> 
> //use an invalid username and password in the request header
>       $http.defaults.headers.common['Authorization'] = 'Basic ' + 
> btoa('invalid_username:password');
>       return $http({
>         method: 'GET',
>         url: Settings.baseUrl + '/logout'
>        });
> 
> 
> Diffs
> -----
> 
>   ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Auth.js 
> 14c04c1 
> 
> Diff: https://reviews.apache.org/r/44966/diff/
> 
> 
> Testing
> -------
> 
> Manually tested fix on IE, Chrome and FF.
> 
> 
> Thanks,
> 
> Sangeeta Ravindran
> 
>

Reply via email to