Project

General

Profile

Actions
Copy link

Bug #4010

closed

None HTTPS elements on Foreman Dashboard

Added by Michael Crilly over 10 years ago. Updated about 8 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Web Interface
Target version:
-
Difficulty:
easy
Triaged:
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

When viewing the Foreman dashboard, obviously over HTTPS, the connection isn't considered fully secure due to HTTP elements being retrieved from within the document.

Line 167 shows:

<div id='dashboard' xmlns="http://www.w3.org/1999/html">

This is within segment (10 lines either side):

  </div>
</div>

              &nbsp;
            </div>
            <div id="title_action" class="span6">
              <div class="btn-toolbar ra">Generated at 14 Jan 10:50</div>
            </div>
          </div>

          <div id='dashboard' xmlns="http://www.w3.org/1999/html">

  <div class="row-fluid">
    <div id='status-table' class='stats-well span12'>
      <div class="span6">
        <h4 class="header">Host Configuration Status</h4>
<ul>
    <li><i class="label" style="background-color:#4572A7">&nbsp;</i>&nbsp;<a href="/hosts?search=last_report+%3E+%2235+minutes+ago%22+and+%28status.applied+%3E+0+or+status.restarted+%3E+0%29+and+%28status.failed+%3D+0%29" class="dashboard-links">Hosts that had performed modifications without error</a><h4>0</h4></li>

    <li><i class="label" style="background-color:#AA4643">&nbsp;</i>&nbsp;<a href="/hosts?search=last_report+%3E+%2235+minutes+ago%22+and+%28status.failed+%3E+0+or+status.failed_restarts+%3E+0%29+and+status.enabled+%3D+true" class="dashboard-links">Hosts in error state</a><h4>1</h4></li>

This obviously causes concern within modern browsers and results in a connection that is considered insecure.

My browser details at the time of the bug are "Google Chrome Version 31.0.1650.63 m" on a Windows 7 system. This is the latest version of Google Chrome at the time of writing.

Files

Screen Shot 2014-01-22 at 16.32.22.png View Screen Shot 2014-01-22 at 16.32.22.png 65.7 KB Stephen Benjamin, 01/22/2014 03:35 PM
Actions
Copy link
 #1

Updated by Dominic Cleal over 10 years ago

  • Category changed from Dashboard to Web Interface
  • Priority changed from High to Normal
  • translation missing: en.field_release deleted (1)
Actions
Copy link
 #2

Updated by Stephen Benjamin over 10 years ago

I can't reproduce this on 31.0.1650.63 on Mac OS X (don't have a Win 7 box around) -- but generally, the xml namespace URL shouldn't be considered an insecure item.

Can you go into Chrome, and click View / Developer Tools and expand the "Frames" item under Resources?

You should see the error message with the exact URL's that are triggering the message (see attached screenshot).

Actions
Copy link
 #3

Updated by Tomer Brisker about 8 years ago

  • Status changed from Need more information to Resolved

The xmlns url is no longer present on the dashboard.

Actions
Copy link

Also available in: Atom PDF