Details
-
Bug
-
Resolution: Fixed
-
High
-
6.14.0, 6.14.1, 6.14.2, 6.14.3, 6.15.1, 6.15.2, 6.15.4, 7.0.1
-
61
-
Severity 3 - Minor
-
72
-
Description
Issue Summary
Editing page with a panel, warning, note, tip or info macro over https in the browser will trigger mix content action, it will break the certificate trust on request of plugins/servlet/confluence/placeholder/macro-heading?definition=e25vdGV9&locale=en_US&version=2.
Environment
Confluence 6.14.x
Confluence 6.15.x
Confluence 7.0.x
Connector with SSL
Steps to Reproduce
- Create a page and add an excerpt, warning, note, tip or info macro
- Open inspect tools/network tab and edit the page once again.
Expected Results
The certificate will stay trusted (green) and all request will be resolved over HTTPS
Actual Results
At least one request is resolved over HTTP and certificate is not trusted because of mixed content.
localhost_6.14.1.har.zip
Notes
The issue does not exist in 6.13.x
Workaround
Some users have found the below custom HTML resolves the issue in Chrome:
Copy text/code below into BODY section of Configuration --> Custom HTML
<script type="text/javascript"> function fixFrameContent(frameContent, broken_url_prefix) { var replaced = false; // Replace broken img src urls frameContent.find("img").each(function(index) { var srcUrl = AJS.$(this).attr("src"); if (srcUrl.toLowerCase().startsWith(broken_url_prefix)) { var srcNewUrl = srcUrl.substring(broken_url_prefix.length); AJS.$(this).attr("src", srcNewUrl); replaced=true; }; }); // each img // Replace broken tables for macro - background img url is broken // Iterate over all relevant tables to check background-image URL frameContent.find("table.wysiwyg-macro").each(function(index) { AJS.log(AJS.$(this)); var bgiRaw = AJS.$(this).css("background-image"); if (!bgiRaw) return true; // nothing to do, continue with next element // remove 'url(...)' around the content var bgiUrlMatch = bgiRaw.match(/url\(["']?(.*)["']?\)/); if (!bgiUrlMatch) return true; // nothing to do, continue with next element var bgiUrl = bgiUrlMatch[1]; if (bgiUrl.toLowerCase().startsWith(broken_url_prefix)) { // Remove broken URL, use relative path! var bgiNewUrl = bgiUrl.substring(broken_url_prefix.length); AJS.$(this).css("background-image", "url('"+bgiNewUrl+"')"); } replaced = true; }); // each macro in iframe }; AJS.toInit(function() { if (navigator.userAgent.indexOf("Trident/")>-1) { AJS.log("Fixing broken macro title - Internet Explorer - fix not required"); return; } // Get Base URL var broken_url_prefix = Confluence.getBaseUrl().toLowerCase(); // Replace https with http if (!broken_url_prefix.startsWith("https")) { AJS.log("Fixing broken macro title - no https base URL "+broken_url_prefix); return; } // Remove https and add http broken_url_prefix = "http" + broken_url_prefix.substring(5); AJS.log("Fixing broken macro title - fixing URL prefix "+broken_url_prefix); // Bind to rich text editor event, triggered when edit button is pressed AJS.bind("init.rte", function() { AJS.$(document).bind('postPaste', function(e, pl, o) { // iframe is not filled when postPaste occurs, so wait and retry a few times var copyPasteRetry = 5; var pasteRetryHandle = setInterval(function() { copyPasteRetry--; if(copyPasteRetry<=0) { clearInterval(pasteRetryHandle); return; }; // Find out what is being pasted var $pasted = $(o.node); // Get iframe containing the editor HTML, including the relevant macro tables var frameContent = AJS.$("#wysiwygTextarea_ifr").contents(); // Search editor content for broken links replaced = fixFrameContent(frameContent, broken_url_prefix); // Stop polling in after a complete next iteration if at least one macro was fixed if (replaced && copyPasteRetry>2) copyPasteRetry=2; }, 500); // retry interval 500ms }); // bind postPaste var counter = 10; var replaced = false; // iframe is not filled when RTE event occurs // (Re-)start polling, found no event to wait until editor iframe is filled // and onLoad does not work. var timerHandle = setInterval(function() { // Stop polling when counter reaches zero counter--; if (counter<=0) { clearInterval(timerHandle); return; } // Get iframe containing the editor HTML, including the relevant macro tables var frameContent = AJS.$("#wysiwygTextarea_ifr").contents(); replaced = fixFrameContent(frameContent, broken_url_prefix); // Stop polling in after a complete next iteration if at least one macro was replaced if (replaced && counter>2) counter=2; }, 1000); // every 1000ms }); }); // toInit </script>
Attachments
Issue Links
- is related to
-
-
- Closed
-
- relates to
-
-
- Closed
-
-
-
- Closed
-