Uploaded image for project: 'Confluence Server'
  1. Confluence Server
  2. CONFSERVER-28932

External image sources can trigger a basic authentication dialogue

    XMLWordPrintable

    Details

      Description

      When an external resource(e.g. http://foo.com/image.jpeg) is used as the source of an image tag, if the external resource returns a 401 response code and sets a WWW-Authenticate header then the browsers standard 'Basic authentication' dialogue will pop up within on the confluence page.
      While this is standard (and expected) browser behavior it could confuse users and be used in phishing attacks.

        Attachments

          Activity

            People

            Assignee:
            matt@atlassian.com Matt Ryall
            Reporter:
            scinos Sergio Cinos (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: