Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id EA6C7200C51 for ; Sun, 26 Mar 2017 05:47:47 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id E910D160B96; Sun, 26 Mar 2017 03:47:47 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 3C4CF160B88 for ; Sun, 26 Mar 2017 05:47:47 +0200 (CEST) Received: (qmail 20678 invoked by uid 500); 26 Mar 2017 03:47:46 -0000 Mailing-List: contact issues-help@struts.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@struts.apache.org Delivered-To: mailing list issues@struts.apache.org Received: (qmail 20668 invoked by uid 99); 26 Mar 2017 03:47:46 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 26 Mar 2017 03:47:46 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id C7C191A7A42 for ; Sun, 26 Mar 2017 03:47:45 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -99.202 X-Spam-Level: X-Spam-Status: No, score=-99.202 tagged_above=-999 required=6.31 tests=[KAM_ASCII_DIVIDERS=0.8, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=disabled Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id US1VtVmw8KmI for ; Sun, 26 Mar 2017 03:47:45 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTP id B3D3C5FB30 for ; Sun, 26 Mar 2017 03:47:44 +0000 (UTC) Received: from jira-lw-us.apache.org (unknown [207.244.88.139]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id C3B32E06CC for ; Sun, 26 Mar 2017 03:47:42 +0000 (UTC) Received: from jira-lw-us.apache.org (localhost [127.0.0.1]) by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id D302624065 for ; Sun, 26 Mar 2017 03:47:41 +0000 (UTC) Date: Sun, 26 Mar 2017 03:47:41 +0000 (UTC) From: "upendar (JIRA)" To: issues@struts.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (WW-4774) Upgrding Struts 2.3.1 to 2.5.10.1 - Redirect issues HTTPS to HTTP MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Sun, 26 Mar 2017 03:47:48 -0000 [ https://issues.apache.org/jira/browse/WW-4774?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15942117#comment-15942117 ] upendar commented on WW-4774: ----------------------------- The configuration is ELB ---->Apache -- ELB -- UI Server (Jetty 8.1.4) (https) -->http ---http>http --- and the SSL is terminated at ELB. The URL in the browser shows HTTPS always when the application is opened in the browser. I believe acccountxxx.create action is HTTPS since on mainwindow we have search page that is working fine and shows HTTPS in chrome developer tools. you can help me how to check to confirm - what code to add to check ? Also what class /library code to will change HTTPS to HTTP for redirect url ? I see many users raised questions on struts 2 HTTPS-HTTP but I didnt find any concrete answer for this. could you check and let us know are there any specific migrations steps to be followed for upgrade 2.3.1 to 2.5.10.1 since the same configurations in struts and apache server working fine with 2.3.1 and why not for latest version?are there any specific code involved for this change HTTPS to HTTP? is 2.5.10.1 version is stable ? > Upgrding Struts 2.3.1 to 2.5.10.1 - Redirect issues HTTPS to HTTP > ------------------------------------------------------------------ > > Key: WW-4774 > URL: https://issues.apache.org/jira/browse/WW-4774 > Project: Struts 2 > Issue Type: Bug > Reporter: upendar > Priority: Critical > > We are upgrading Struts2 from 2.3.1 to 2.5.10.1 ; redirect making https:// to http:// . The following errors in chrome and IE are seen while redirecting from the popup to main window > redirecting popup (create user) --- main window (viewdashboard) - the URL shows https:// to http:// > We are blocked completely due to this issue and need support ASAP. We also reviewed the apache server configurations and looks good. Please share the fix in detail. > Error Issue in chrome : > Mixed Content: The page at 'https://XXXXX/XX/XX/viewdashboard?clear&Id=1&uar=44' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://XXX/XX/XX/viewdashboard?uar=44&Id=1'. This request has been blocked; the content must be served over HTTPS. > Issue in IE > SEC7127: Redirect was blocked for CORS request. > File: account > SCRIPT7002: XMLHttpRequest: Network Error 0x2ef1, Could not complete the operation due to error 00002ef1. -- This message was sent by Atlassian JIRA (v6.3.15#6346)