Bug #4010
closedNone HTTPS elements on Foreman Dashboard
Description
When viewing the Foreman dashboard, obviously over HTTPS, the connection isn't considered fully secure due to HTTP elements being retrieved from within the document.
Line 167 shows:
<div id='dashboard' xmlns="http://www.w3.org/1999/html">
This is within segment (10 lines either side):
</div> </div> </div> <div id="title_action" class="span6"> <div class="btn-toolbar ra">Generated at 14 Jan 10:50</div> </div> </div> <div id='dashboard' xmlns="http://www.w3.org/1999/html"> <div class="row-fluid"> <div id='status-table' class='stats-well span12'> <div class="span6"> <h4 class="header">Host Configuration Status</h4> <ul> <li><i class="label" style="background-color:#4572A7"> </i> <a href="/hosts?search=last_report+%3E+%2235+minutes+ago%22+and+%28status.applied+%3E+0+or+status.restarted+%3E+0%29+and+%28status.failed+%3D+0%29" class="dashboard-links">Hosts that had performed modifications without error</a><h4>0</h4></li> <li><i class="label" style="background-color:#AA4643"> </i> <a href="/hosts?search=last_report+%3E+%2235+minutes+ago%22+and+%28status.failed+%3E+0+or+status.failed_restarts+%3E+0%29+and+status.enabled+%3D+true" class="dashboard-links">Hosts in error state</a><h4>1</h4></li>
This obviously causes concern within modern browsers and results in a connection that is considered insecure.
My browser details at the time of the bug are "Google Chrome Version 31.0.1650.63 m" on a Windows 7 system. This is the latest version of Google Chrome at the time of writing.
Files
Updated by Dominic Cleal over 10 years ago
- Category changed from Dashboard to Web Interface
- Priority changed from High to Normal
- translation missing: en.field_release deleted (
1)
Updated by Stephen Benjamin over 10 years ago
- File Screen Shot 2014-01-22 at 16.32.22.png Screen Shot 2014-01-22 at 16.32.22.png added
- Status changed from New to Need more information
I can't reproduce this on 31.0.1650.63 on Mac OS X (don't have a Win 7 box around) -- but generally, the xml namespace URL shouldn't be considered an insecure item.
Can you go into Chrome, and click View / Developer Tools and expand the "Frames" item under Resources?
You should see the error message with the exact URL's that are triggering the message (see attached screenshot).
Updated by Tomer Brisker about 8 years ago
- Status changed from Need more information to Resolved
The xmlns url is no longer present on the dashboard.