[MGNLEE-708] Initial license page uses incorrect URL for form Created: 05/Jul/22  Updated: 08/Jun/23  Resolved: 06/Jun/23

Status: Closed
Project: Magnolia DX Core
Component/s: None
Affects Version/s: 6.2.20
Fix Version/s: 6.3.0, 6.2.35

Type: Bug Priority: Neutral
Reporter: Brian Duffey Assignee: Evzen Fochr
Resolution: Fixed Votes: 1
Labels: None
Σ Remaining Estimate: Not Specified Remaining Estimate: Not Specified
Σ Time Spent: Not Specified Time Spent: Not Specified
Σ Original Estimate: Not Specified Original Estimate: Not Specified

Attachments: PNG File Screen Shot 2022-07-05 at 10.16.24 AM.png     PNG File Screen Shot 2022-07-05 at 10.16.42 AM.png    
Issue Links:
dependency
duplicate
is duplicated by MGNLLIC-86 License key form generates non-https ... Closed
Sub-Tasks:
Key
Summary
Type
Status
Assignee
MGNLEE-787 Implementation Technical task Completed Evzen Fochr  
MGNLEE-788 Review Technical task Completed Enrique Espana  
MGNLEE-789 PiQA Technical task Completed Enrique Espana  
MGNLEE-790 Final QA Technical task Completed Enrique Espana  
Template:
Acceptance criteria:
Empty
Task DoD:
[X]* Doc/release notes changes? Comment present?
[X]* Downstream builds green?
[X]* Solution information and context easily available?
[X]* Tests
[X]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:
Epic Link: Magnolia License maintenance
Sprint: AdminX 36
Story Points: 3
Team: AdminX
Work Started:
Approved:
Yes

 Description   

Steps to reproduce

  1. Create a new install of Magnolia and deploy it to some location using SSL
  2. Start tomcat up and wait for it to finish loading
  3. Navigate to the URL of Magnolia using https
  4. Chrome alerts the page is insecure and won't let you enter license info since the form is trying to post to HTTP not HTTPS.

.. Logs, screenshots, gifs...

Expected results

.. Justify non-trivial expectations with a link to a doc or a relevant discussion.

Form should correctly post to current URL, either specifying the right absolute path or not specifying it and letting the default form behavior post as expected.

Actual results

Form attempts to post to HTTP instead of HTTPS.

Workaround

Either edit form action using DevTools or load Magnolia using a non-HTTPS URL (if possible).

Development notes

https://git.magnolia-cms.com/projects/PLATFORM/repos/dx-core/browse/magnolia-module-enterprise/src/main/resources/info/magnolia/enterprise/registration/not-registered.html#46

We need to use relative URL in case of X-Forwarded-Proto is https

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto

Resolution

In the end removal of action attribute was chosen as most bulletproof solution. Its HTTP5 compliant. 


Generated at Mon Feb 12 05:32:34 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.