ofbiz-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Brohl (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (OFBIZ-9206) Login and logout process in demos shows a certificate issue
Date Wed, 15 Feb 2017 20:08:41 GMT

    [ https://issues.apache.org/jira/browse/OFBIZ-9206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15868492#comment-15868492
] 

Michael Brohl commented on OFBIZ-9206:
--------------------------------------

The current state prevents Firefox users from accessing the site. After login, the certificate
warning page is displayed, stating that the application uses HTTP Strict Transport Security
(HSTS) and does not allow to enter an exception to show the page regardless of the false certificate
informations.

I know nothing about the specific configurations of the ASF server but it's a fairly common
use case to have several OFBiz instances running on different ports mapped against different
subdomains using SSL certificates.

Can you explain what makes our configuration special?

I propose to remove the demo links from our website as long as we have these problems because
I think it puts the project in a bad light.

> Login and logout process in demos shows a certificate issue
> -----------------------------------------------------------
>
>                 Key: OFBIZ-9206
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9206
>             Project: OFBiz
>          Issue Type: Bug
>          Components: Demo
>            Reporter: Jacques Le Roux
>            Priority: Minor
>
> When, from the site main page http://ofbiz.apache.org/, you get to the demos depending
on browser (tested on Windows 7) you get some issues:
> * FF
> ** Management Apps: OK
> ** Ecommerce: OK
> * Chrome (Management Apps or Ecommerce)
> ** stable: OK
> ** old: KO - If you copy the URL by hand it works, and after even from the main page
it works.
> ** trunk: OK
> * IE, same than Chrome
> If, from any browser, you logout from Management Apps you get a certificate issue. Actually
as we use HSTS the browsers protect us from any 3rd party intrusions... Same issue when login
in.
> So it seems we have a certificate issue after OFBIZ-7928 and INFRA-11960. Maybe it's
due to how OFBiz redirects when login in or login out because, so far, only the login page
is concerned...



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message