----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/44966/#review124598 -----------------------------------------------------------
ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Auth.js (line 21) <https://reviews.apache.org/r/44966/#comment187210> next time don't forget to remove unused variable $window - Alexandr Antonenko On March 18, 2016, 4:52 p.m., Sangeeta Ravindran wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/44966/ > ----------------------------------------------------------- > > (Updated March 18, 2016, 4:52 p.m.) > > > Review request for Ambari, Alexandr Antonenko and Denys Buzhor. > > > Bugs: AMBARI-15319 > https://issues.apache.org/jira/browse/AMBARI-15319 > > > Repository: ambari > > > Description > ------- > > Install latest Ambari trunk build. > Open Ambari web using IE. In the Admin view, click on Sign out. > The login page is displayed briefly and then the page returns to the Admin > view. > This works fine on FF and Chrome. > > This seems to be happening because of the additional parameters added to the > url in signout() method in > ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Auth.js > > // Workaround for sign off within Basic Authorization > var origin = $window.location.protocol + '//' + Date.now() + ':' + > Date.now() + '@' + > $window.location.hostname + ($window.location.port ? ':' + > $window.location.port : ''); > return $http({ > method: 'GET', > url: origin + Settings.baseUrl + '/logout' > }); > > This causes an exception in IE (A security problem occurred.) when executing > urlParsingNode.setAttribute("href", href); > > As a result, the server side performLogout method is not invoked and after > temporarily displaying the login page, the user is brought back in to the > Dashboard. > > To fix this, we will instead pass an invalid username and password in the > request header. > > //use an invalid username and password in the request header > $http.defaults.headers.common['Authorization'] = 'Basic ' + > btoa('invalid_username:password'); > return $http({ > method: 'GET', > url: Settings.baseUrl + '/logout' > }); > > > Diffs > ----- > > ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Auth.js > 14c04c1 > > Diff: https://reviews.apache.org/r/44966/diff/ > > > Testing > ------- > > Manually tested fix on IE, Chrome and FF. > > > Thanks, > > Sangeeta Ravindran > >