-
Bug
-
Resolution: Fixed
-
Neutral
-
6.2.20
-
None
-
None
-
Empty show more show less
-
AdminX 36
-
3
-
Yes
Steps to reproduce
- Create a new install of Magnolia and deploy it to some location using SSL
- Start tomcat up and wait for it to finish loading
- Navigate to the URL of Magnolia using https
- Chrome alerts the page is insecure and won't let you enter license info since the form is trying to post to HTTP not HTTPS.
.. Logs, screenshots, gifs...
Expected results
.. Justify non-trivial expectations with a link to a doc or a relevant discussion.
Form should correctly post to current URL, either specifying the right absolute path or not specifying it and letting the default form behavior post as expected.
Actual results
Form attempts to post to HTTP instead of HTTPS.
Workaround
Either edit form action using DevTools or load Magnolia using a non-HTTPS URL (if possible).
Development notes
We need to use relative URL in case of X-Forwarded-Proto is https
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto
Resolution
In the end removal of action attribute was chosen as most bulletproof solution. Its HTTP5 compliant.Â
Acceptance criteria
- is duplicated by
-
MGNLLIC-86 License key form generates non-https action URL
- Closed
1.
|
Implementation | Completed | Evzen Fochr | |
2.
|
Review | Completed | Enrique Espana | |
3.
|
PiQA | Completed | Enrique Espana | |
4.
|
Final QA | Completed | Enrique Espana |