[#14386] - How to prevent auth redirect to loginSuccess.json being in HTTP

Category: Bug report
Priority: High
Status: New
Project:
Severity: Major
Resolution: Open
Component:
Reproducibility: Always
Assigned to:

Setup of environment:

* In Azure with Azure application gateway - SSL is terminated at the gateway
* Application is using visualize.js
* visualize is downloaded via https request on browser
** https://<domain>/jasperserver-pro/client/visualize.js?1601645389
* all the needed components are downloaded successfully via https, e.g.
** https://<domain>/jasperserver-pro/runtime/AC91FCAB/optimized-scripts/runtime_dependencies/bi-report/src/bi/report/schema/ReportSearch.json
* auth request is made and returns 200
** https://<domain>/jasperserver-pro/rest_v2/settings/auth
* the next request captured by the browser causes a redirect to HTTP
** request - https://<domain>/jasperserver-pro/?pp=gd+HOSrq/DNYTutyiZzI3wCPyN8jNM/+UmD7JDJQ+5968b6eVpxpdtHpruU5d1Qlo793ayZiGXVf4apUI3Tp7ZIGLQwam78cfk+xw4x6aEs=
** Location response header - http://<domain>/jasperserver-pro/scripts/visualize/auth/loginSuccess.json
* redirect is blocked by the browser as insecure - mixed content
** Mixed Content: The page at 'https://<domain>/ams-web/Kernel/w_main.jsp?AA_SID=5fc22511-10ef-4a42-b6f1-855f48b28447' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://<domain>/jasperserver-pro/scripts/visualize/auth/loginSuccess.json'. This request has been blocked; the content must be served over HTTPS.

The jasperserver code appears to be issuing a redirect using an explicit protocol.

The jaspersoft Tomcat server does not know the actual domain - it's running as a Kubernetes service behind the Azure Application Gateway.

See also https://community.jaspersoft.com/questions/1199196/how-prevent-auth-redi...

Attachment: mixed_content_error.png (28.27 KB)
v7.8.1
Authorization
Submitted by david_betterton
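
A check for the symptom described in this report, added here as an example and not taken from the report or from JasperReports Server: it walks a list of captured hops and flags any redirect whose Location drops from https to http. The host example.test, the placeholder pp values and the function names are assumptions; the sample hops are constructed from the URLs in the report.

```python
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = (301, 302, 303, 307, 308)

# Constructed sample: (request URL, status, Location header).
# example.test stands in for <domain>; the pp values are placeholders.
CAPTURED = [
    ("https://example.test/jasperserver-pro/rest_v2/settings/auth", 200, None),
    ("https://example.test/jasperserver-pro/?pp=PLACEHOLDER", 302,
     "http://example.test/jasperserver-pro/scripts/visualize/auth/loginSuccess.json"),
    # Same hop as it would look with a relative Location (constructed).
    ("https://example.test/jasperserver-pro/?pp=PLACEHOLDER2", 302,
     "/jasperserver-pro/scripts/visualize/auth/loginSuccess.json"),
]


def classify_redirect(request_url, status, location):
    """Return 'none', 'ok', 'downgrade' or 'cross-host' for one hop."""
    if status not in REDIRECT_CODES or not location:
        return "none"
    src = urlsplit(request_url)
    # A relative or scheme-relative Location inherits from the request URL,
    # so it cannot change https to http; only an absolute one can.
    dst = urlsplit(urljoin(request_url, location))
    if src.scheme == "https" and dst.scheme == "http":
        return "downgrade"
    if src.hostname != dst.hostname:
        return "cross-host"
    return "ok"


def find_downgrades(hops):
    """List (request URL, Location) pairs that a browser would treat as
    mixed content when followed from an HTTPS page."""
    return [(req, loc) for req, status, loc in hops
            if classify_redirect(req, status, loc) == "downgrade"]


if __name__ == "__main__":
    for req, loc in find_downgrades(CAPTURED):
        print("https -> http redirect:", req, "->", loc)
```
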

1 Comment:

#1
Attachment: network_requests.png (185.46 KB)