Bug 1033090
Summary: | When webadmin redirects to reports the browser shows resend confirmation dialog | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Virtualization Manager | Reporter: | Juan Hernández <juan.hernandez> | ||||
Component: | jasperreports-server-pro | Assignee: | Juan Hernández <juan.hernandez> | ||||
Status: | CLOSED ERRATA | QA Contact: | Barak Dagan <bdagan> | ||||
Severity: | unspecified | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 3.3.0 | CC: | acathrow, bazulay, iheim, juan.hernandez, pstehlik, Rhev-m-bugs, sherold, yeylon, ylavi | ||||
Target Milestone: | --- | Keywords: | Triaged | ||||
Target Release: | 3.3.0 | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | infra | ||||||
Fixed In Version: | IS25 - rhevm-reports-3.3.0-23.el6ev.noarch.rpm | Doc Type: | Bug Fix | ||||
Doc Text: |
Previously, when accessing reports from the administration portal, the browser opened a new tab with the following message: "To display this page, Firefox must send information that will repeat any action (such as search or order confirmation) that was performed earlier."
This has been fixed by removing the Javascript code that checks authentication and resubmits the request, so this confirmation message no longer appears.
|
Story Points: | --- | ||||
Clone Of: | |||||||
: | 1053234 (view as bug list) | Environment: | |||||
Last Closed: | 2014-01-21 17:45:20 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | Infra | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 1038284, 1053234 | ||||||
Attachments: |
|
Description
Juan Hernández
2013-11-21 14:25:26 UTC
This is the POST request that is sent twice, one without confirmation, second one after clicking "Resend": ---8<--- POST /rhevm-reports/flow.html?viewAsDashboardFrame=false HTTP/1.1 Host: rhel.example.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en,en-us;q=0.5 Accept-Encoding: gzip, deflate Referer: http://rhel.example.com/webadmin/webadmin/WebAdmin.html?locale=en_US Cookie: userLocale=en_US; userTimezone=Europe/Madrid; locale=en_US Connection: keep-alive Content-Type: application/x-www-form-urlencoded Content-Length: 235 sessionID=6m9vudQBEVicuxDJV3b-mH0r&_flowId=viewReportFlow&active_hosts_select=AND%2Bdelete_date%2BIS%2BNULL&userLocale=en_US&reportUnit=%2FReports%2FExecutive%2Factive_vms_by_os_br18&P_DataCenter_ID=5849b030-626e-47cb-ad90-3ce782d831b3 --->8--- The integration mechanism between webadmin and reports works as follows: 1. When a report is selected in webadmin the GWT application creates a new frame named "_blank" (this corresponds to a new tab by default) and generates a form inside this frame that when posted will send the above request. 2. Immediately the GWT application forces the post of the form, which loads the reports application in the new tab. I don't yet understand what is forcing the browser to post the same form again. Created attachment 827242 [details]
Screenshot of the confirmation dialog
I have tested to replace the /rhevm-reports application with a dummy application that has only a dummy flow.html page. With this dummy application the integration works correctly, there is no repeated post or confirmation dialog. This probably means that whatever forces the repeated post is in the reports application itself, and may be completely legitimate. As the browser shows this dialog only for POST requests I think that we can solve this issue using GET instead. Agreed, GET isn't an option, I am retiring the proposed patch. This is the sequence of requests that leads to the confirmation dialog displayed by the browser: 1. Connect to webadmin and authenticate with your user name and password. This will have the side effect of generating a session cookie. 2. In the data centers main tab right click in the default data center and select the first report (BR18). 3. Webadmin dynamically creates a new browser tab (or window, it is just a new frame named "_blank") and will populate it with a form similar to this one: <form action="/rhevm-reports/flow.html?viewAsDashboardFrame=false" method="post"> <input type="hidden" name="sessionID" value="the value of the JSESSIONID cookie"/> <input type="hidden" name="_flowId" value="viewReportFlow"/> <input type="hidden" name="active_hosts_select" value="AND delete_date IS NULL"/> <input type="hidden" name="userLocale" value="en_US"/> <input type="hidden" name="reportUnit" value="/Reports/Executive/active_vms_by_os_br18"/> <input type="hidden" name="P_DataCenter_ID" value="the id of the default datacenter"/> 3. Webadmin will automatically submit this form, with a request like this: POST /rhevm-reports/flow.html?viewAsDashboardFrame=false HTTP/1.1 Host: rhel.example.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en,en-us;q=0.5 Accept-Encoding: gzip, deflate Referer: http://rhel.example.com/webadmin/a.html Cookie: userLocale=en_US; locale=en_US Connection: keep-alive Content-Type: application/x-www-form-urlencoded Content-Length: 229 sessionID=the_value_of_the_JSESSIONID_cookie&_flowId=viewReportFlow&active_hosts_select=AND+delete_date+IS+NULL&userLocale=en_US&reportUnit=%2FReports%2FExecutive%2Factive_vms_by_os_br18&P_DataCenter_ID=the_id_of_the_data_center 4. The reports application responds like this: 200 OK Date: Thu, 21 Nov 2013 17:49:00 GMT P3P: CP="ALL" Set-Cookie: JSESSIONID=Nln6WPijJnWqgfFQ1V2f6-N6; Path=/rhevm-reports Set-Cookie: userLocale=en_US;Expires=Fri, 22-Nov-2013 17:49:00 GMT;HttpOnly Pragma: no-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT Cache-Control: no-cache Cache-Control: no-store X-Powered-By: JSP/2.2 Content-Type: text/html;charset=UTF-8 Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 11546 Connection: close The body of this reponse is too long to post here, but I guess that it contains a copy of the parameters of the initial request: Report.allRequestParameters = {"_flowId":["viewReportFlow"],"sessionID":["the_value_of_the_JSESSIONID_cookie"],"P_DataCenter_ID":["the_id_of_the_data_center"],"active_hosts_select":["AND delete_date IS NULL"],"userLocale":["en_US"],"reportUnit":["/Reports/Executive/active_vms_by_os_br18"],"viewAsDashboardFrame":["false"]}; I guess that this is saved in order to submit the form again after authentication. 4. The HTML page in the body returned in the previous step makes a reference the following Javascript resource: <script type="text/javascript" src="/rhevm-reports/getRequirejsConfig.html"></script> So the browser tries to fetch this with the following request: GET /rhevm-reports/getRequirejsConfig.html HTTP/1.1 Host: rhel.example.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0 Accept: */* Accept-Language: en,en-us;q=0.5 Accept-Encoding: gzip, deflate Referer: http://rhel.example.com/rhevm-reports/flow.html?viewAsDashboardFrame=false Cookie: userLocale=en_US; JSESSIONID=Nln6WPijJnWqgfFQ1V2f6-N6; locale=en_US Connection: keep-alive 5. The reports application responds with a redirection to the login page: HTTP/1.1 302 Moved Temporarily Date: Thu, 21 Nov 2013 17:49:00 GMT P3P: CP="ALL" Location: http://rhel.example.com/rhevm-reports/login.html Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 20 Connection: close Content-Type: text/html; charset=UTF-8 6. The browser then goes to the new location: GET /rhevm-reports/login.html HTTP/1.1 Host: rhel.example.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en,en-us;q=0.5 Accept-Encoding: gzip, deflate Referer: http://rhel.example.com/rhevm-reports/flow.html?viewAsDashboardFrame=false Cookie: userLocale=en_US; JSESSIONID=Nln6WPijJnWqgfFQ1V2f6-N6; locale=en_US Connection: keep-alive 7. The reports application responds with this: HTTP/1.1 200 OK Date: Thu, 21 Nov 2013 17:49:01 GMT P3P: CP="ALL" X-Powered-By: JSP/2.2 LoginRequested: true Content-Type: text/html;charset=UTF-8 Content-Language: en-US Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 9939 Connection: close I guess that the HTML page that this return contains Javascript code that checks if the user is already authenticated and then uses the Referer header and the saved form parameters to submit the original form again. It is here where the browser displays the confirmation dialog. Cased opened number 00041745 Yaniv This is the recommendation from the Jaspersoft team: ---8<--- We found the exact issue. As a workaround, you could go to webapp\WEB-INF\jsp\modules\viewReport\ViewReportState.jsp and take out window.location.reload(); You might want to do the same in \webapp\WEB-INF\jsp\modules\dashboard\dashboardDesignerViewFrame.jsp Make sure to clean up the work directory with compiled jsp's too. --->8--- I tested that manually and it worked correctly for me. This bug is currently attached to errata RHSA-2013:15137 . If this change is not to be documented in the text for this errata please either remove it from the errata, set the requires_doc_text flag to minus (-), or leave a "Doc Text" value of "--no tech note required" if you do not have permission to alter the flag. Otherwise to aid in the development of relevant and accurate release documentation, please fill out the "Doc Text" field above with these four (4) pieces of information: * Cause: What actions or circumstances cause this bug to present. * Consequence: What happens when the bug presents. * Fix: What was done to fix the bug. * Result: What now happens when the actions or circumstances above occur. (NB: this is not the same as 'the bug doesn't present anymore') Once filled out, please set the "Doc Type" field to the appropriate value for the type of change made and submit your edits to the bug. For further details on the Cause, Consequence, Fix, Result format please refer to: https://bugzilla.redhat.com/page.cgi?id=fields.html#cf_release_notes Thanks in advance. Verified on is25 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2014-0037.html |