Bug 866506 - use https exclusively for https pages (iow no mixed-content pages)
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine-webadmin-portal
Version: 3.1.0
Assigned To: Einav Cohen
Pavel Stehlik
ux
Duplicates: 982830
Reported: 2012-10-15 10:14 EDT by David Jaša
Modified: 2013-07-24 07:21 EDT
Doc Type: Bug Fix
Last Closed: 2013-06-05 15:26:39 EDT
Type: Bug
Description David Jaša 2012-10-15 10:14:45 EDT
Description of problem:
When accessing webadmin or UP, IE8/WinXP complains about part of the content for the https page (webadmin and UP login page) being delivered unencrypted. When I refuse such content, I see no change to the page look or behaviour.

No other browser or OS complains about this (IE9/w7, FF/RHEL6) but they might block such content silently.

Version-Release number of selected component (if applicable):
si19.1 / 3.1.0-18.el6ev

How reproducible:
always

Comment 1 Einav Cohen 2012-10-18 19:49:50 EDT
Although we won't support IE8, we still need to figure out why we have mixed content.
Comment 2 Einav Cohen 2012-11-26 16:11:40 EST
There can be several reasons for IE8 to pop out this message - see:

http://stackoverflow.com/questions/4286517/gwt-application-generating-ie-insecure-item-warning
http://code.google.com/p/google-web-toolkit/issues/detail?id=7668
http://blog.httpwatch.com/2009/09/17/even-more-problems-with-the-ie-8-mixed-content-warning/

Need to profile the application (using "HttpWatch" or similar) in order to "catch" the relevant requests that cause this pop-up to appear. 

However, note that it can also be due to reasons that don't seem related to http(s) requests at all (e.g. removeChild of a div element with background-image url set - see http://www.pelagodesign.com/blog/2007/10/30/ie7-removechild-and-ssl/), so it can be quite tricky to "catch"/solve.
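A static check that complements the profiling approach in comment 2, as an added example that is not part of the original bug thread or of the oVirt code base: it scans served HTML for plain-http subresource references, including CSS `url()` values in `style` attributes and `<style>` blocks. The sample markup and hostnames are constructed, and a static scan cannot see dynamic triggers such as the removeChild case mentioned above.

```python
import re
from html.parser import HTMLParser

# Attributes that trigger a subresource fetch; <a href> is navigation, so it is absent.
FETCH_ATTRS = {"script": ("src",), "img": ("src",), "iframe": ("src",), "frame": ("src",),
               "embed": ("src",), "object": ("data",), "link": ("href",), "input": ("src",)}
CSS_URL = re.compile(r"url\(\s*['\"]?\s*(http://[^'\")\s]+)", re.I)

class MixedContentScanner(HTMLParser):
    """Collects (line, tag, source, url) for each plain-http subresource reference."""
    def __init__(self):
        super().__init__()
        self.findings, self._in_style = [], False

    def _css(self, tag, source, text):
        for m in CSS_URL.finditer(text):
            self.findings.append((self.getpos()[0], tag, source, m.group(1)))

    def handle_starttag(self, tag, attrs):
        self._in_style = self._in_style or tag == "style"
        rel = (dict(attrs).get("rel") or "").lower().split()
        if tag == "link" and not {"stylesheet", "icon"} & set(rel):
            return  # e.g. rel="canonical" is never fetched as a subresource
        for name, value in attrs:
            value = (value or "").strip()
            if name in FETCH_ATTRS.get(tag, ()) and value.lower().startswith("http://"):
                self.findings.append((self.getpos()[0], tag, name, value))
            elif name == "style":
                self._css(tag, "style", value)  # inline background-image etc.

    def handle_endtag(self, tag):
        self._in_style = self._in_style and tag != "style"

    def handle_data(self, data):
        if self._in_style:
            self._css("style", "css", data)  # line is where the CSS text starts

def scan(html):
    scanner = MixedContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample markup (not taken from webadmin); four references should be flagged.
SAMPLE = """<link rel="stylesheet" href="http://static.example.test/theme.css">
<link rel="canonical" href="http://portal.example.test/">
<style>.logo { background: url('http://static.example.test/logo.png'); }</style>
<script src="https://portal.example.test/app.nocache.js"></script><a href="http://docs.example.test/">docs</a>
<div style="background-image:url(http://static.example.test/bg.gif)"></div>
<img src="//static.example.test/ok.png"><img src="HTTP://static.example.test/x.png">"""
```

Calling `scan(SAMPLE)` returns one tuple per insecure reference; the canonical link, the anchor, the https script and the protocol-relative image are not reported.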
Comment 3 Yaniv Kaul 2012-11-26 16:14:15 EST
(In reply to comment #2)
> there can be several reasons for IE8 to pop out this message - see:
> 
> http://stackoverflow.com/questions/4286517/gwt-application-generating-ie-insecure-item-warning
> http://code.google.com/p/google-web-toolkit/issues/detail?id=7668
> http://blog.httpwatch.com/2009/09/17/even-more-problems-with-the-ie-8-mixed-content-warning/
> 
> Need to profile the application (using "HttpWatch" or similar) in order to
> "catch" the relevant requests that cause this pop-up to appear. 

Funny, I've just tried to do it (using Wireshark) today, and couldn't find the offending link. It's not a simple GET.

> 
> However, note that it can also be due to reasons that don't seem related
> to http(s) requests at all (e.g. removeChild of a div element with
> background-image url set - see
> http://www.pelagodesign.com/blog/2007/10/30/ie7-removechild-and-ssl/), so it
> can be quite tricky to "catch"/solve.
Comment 5 Einav Cohen 2013-07-24 07:20:55 EDT
*** Bug 982830 has been marked as a duplicate of this bug. ***
