  1. Confluence Server and Data Center
  2. CONFSERVER-57934

Adding panel, excerpt, warning, note, tip or info macro to the page in edit mode will trigger mixed content action in browser

    Details

    • Type: Bug
    • Status: Closed
    • Priority: High
    • Resolution: Fixed
    • Affects Version/s: 6.14.0, 6.14.1, 6.14.2, 6.15.1, 6.15.2, 6.14.3, 7.0.1, 6.15.4
    • Fix Version/s: 7.3.2
    • Component/s: Content - Page

      Description

      Issue Summary

      Editing a page that contains a panel, warning, note, tip or info macro over HTTPS triggers the browser's mixed content handling. Certificate trust is broken by the request for plugins/servlet/confluence/placeholder/macro-heading?definition=e25vdGV9&locale=en_US&version=2.

      Environment

      Confluence 6.14.x
      Confluence 6.15.x
      Confluence 7.0.x

      Connector with SSL

      Steps to Reproduce

      1. Create a page and add an excerpt, warning, note, tip or info macro
      2. Open the browser's inspect tools (Network tab) and edit the page again.

      Expected Results

      The certificate stays trusted (green) and all requests are resolved over HTTPS.

      Actual Results

      At least one request is resolved over HTTP, and the certificate is not trusted because of mixed content.
      localhost_6.14.1.har.zip

      Notes

      The issue does not exist in 6.13.x

      Workaround

      Some users have found that the custom HTML below resolves the issue in Chrome:

      Copy the code below into the BODY section of Configuration --> Custom HTML

       

      <script type="text/javascript">
        function fixFrameContent(frameContent, broken_url_prefix) {
          var replaced = false;
          // Replace broken img src urls
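          frameContent.find("img").each(function(index) {
            var srcUrl = AJS.$(this).attr("src");
            if (!srcUrl) return true;  // img without a src attribute, continue with next element
            if (srcUrl.toLowerCase().startsWith(broken_url_prefix)) {
              // Strip the http:// base URL prefix so the image is requested via a relative path
              var srcNewUrl = srcUrl.substring(broken_url_prefix.length);
              AJS.$(this).attr("src", srcNewUrl);
              replaced = true;
            }
          });  // each img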
           
          // Replace broken tables for macro - background img url is broken
          // Iterate over all relevant tables to check background-image URL
          frameContent.find("table.wysiwyg-macro").each(function(index) {
            AJS.log(AJS.$(this));
            var bgiRaw = AJS.$(this).css("background-image");
            if (!bgiRaw) return true;  // nothing to do, continue with next element
            // remove 'url(...)' around the content; the lazy match keeps the closing quote out of the captured URL
            var bgiUrlMatch = bgiRaw.match(/url\(["']?(.*?)["']?\)/);
            if (!bgiUrlMatch) return true;  // nothing to do, continue with next element
            var bgiUrl = bgiUrlMatch[1];
            if (bgiUrl.toLowerCase().startsWith(broken_url_prefix)) {
              // Remove broken URL, use relative path!
              var bgiNewUrl = bgiUrl.substring(broken_url_prefix.length);
              AJS.$(this).css("background-image", "url('"+bgiNewUrl+"')");
              replaced = true;  // count only tables that were actually rewritten
            }
          }); // each macro in iframe
          return replaced;  // callers use this to decide when to stop polling
        }
       
        AJS.toInit(function() {
          if (navigator.userAgent.indexOf("Trident/")>-1) {
            AJS.log("Fixing broken macro title - Internet Explorer - fix not required");
            return;
          }
          // Get Base URL
          var broken_url_prefix = Confluence.getBaseUrl().toLowerCase();
          // Only an https base URL can produce the broken http links; otherwise there is nothing to fix
          if (!broken_url_prefix.startsWith("https")) {
            AJS.log("Fixing broken macro title - no https base URL "+broken_url_prefix);
            return;
          }
          // Remove https and add http
          broken_url_prefix = "http" + broken_url_prefix.substring(5);
          AJS.log("Fixing broken macro title - fixing URL prefix "+broken_url_prefix);
       
          // Bind to rich text editor event, triggered when edit button is pressed
          AJS.bind("init.rte", function() {   
            AJS.$(document).bind('postPaste', function(e, pl, o) {
              // iframe is not filled when postPaste occurs, so wait and retry a few times
              var copyPasteRetry = 5;
              var pasteRetryHandle = setInterval(function() {
                copyPasteRetry--;
                if(copyPasteRetry<=0) {
                  clearInterval(pasteRetryHandle);
                  return;          
                };
                // Find out what is being pasted
                var $pasted = AJS.$(o.node);
                // Get iframe containing the editor HTML, including the relevant macro tables
                var frameContent = AJS.$("#wysiwygTextarea_ifr").contents();
                // Search editor content for broken links
                replaced = fixFrameContent(frameContent, broken_url_prefix);
                // Stop polling after one more complete iteration if at least one macro was fixed
                if (replaced && copyPasteRetry>2) copyPasteRetry=2;
              }, 500); // retry interval 500ms
            }); // bind postPaste
               
            var counter = 10;
            var replaced = false;
       
            // iframe is not filled when RTE event occurs
            // (Re-)start polling, found no event to wait until editor iframe is filled
            // and onLoad does not work.
            var timerHandle = setInterval(function() {
              // Stop polling when counter reaches zero
              counter--;
              if (counter<=0) {
                clearInterval(timerHandle);
                return;
              }
              // Get iframe containing the editor HTML, including the relevant macro tables
              var frameContent = AJS.$("#wysiwygTextarea_ifr").contents();
              replaced = fixFrameContent(frameContent, broken_url_prefix);
              // Stop polling after one more complete iteration if at least one macro was replaced
              if (replaced && counter>2) counter=2;
            }, 1000); // every 1000ms
          });
        }); // toInit
      </script>
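
Added example (not part of the original issue and not Atlassian's code): a Node.js check that lists the plain-HTTP requests in a HAR capture like the one attached under Actual Results. The sample capture and the host confluence.example.test are constructed; the `definition` value is the one quoted in the Issue Summary, which is base64 for `{note}`.

```javascript
"use strict";

// Constructed sample in HAR 1.2 shape; confluence.example.test is a placeholder host.
const sampleHar = { log: { entries: [
  { request: { url: "https://confluence.example.test/pages/editpage.action?pageId=1" } },
  { request: { url: "http://confluence.example.test/plugins/servlet/confluence/" +
      "placeholder/macro-heading?definition=e25vdGV9&locale=en_US&version=2" } },
  { request: { url: "https://confluence.example.test/s/batch.js" } },
  { request: { url: "data:image/png;base64,AAAA" } },
  { request: {} }, // entry with no URL, must not abort the scan
] } };

// Return every request in the capture that went out over plain HTTP although
// the site is served from an HTTPS base URL (baseUrl is supplied by the caller).
function findMixedContent(har, baseUrl) {
  const base = new URL(baseUrl);
  if (base.protocol !== "https:") return []; // no HTTPS page, no mixed content
  const hits = [];
  for (const entry of (har.log && har.log.entries) || []) {
    let url;
    try {
      url = new URL(entry.request.url);
    } catch (e) {
      continue; // malformed or missing URL in the capture
    }
    if (url.protocol !== "http:") continue; // https:, data:, blob: are not mixed content
    const hit = {
      url: url.href,
      path: url.pathname,
      // true when the request is the site's own base URL downgraded to http
      sameHost: url.hostname === base.hostname,
    };
    // definition=e25vdGV9 from the Issue Summary is base64 for "{note}";
    // decoding it shows which macro produced the insecure request.
    const def = url.searchParams.get("definition");
    if (def) hit.macro = Buffer.from(def, "base64").toString("utf8");
    hits.push(hit);
  }
  return hits;
}

console.log(findMixedContent(sampleHar, "https://confluence.example.test"));
```

To check a real capture, unzip the HAR, parse it with `JSON.parse`, and pass the instance's HTTPS base URL as the second argument.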
      

        Attachments

        1. mixed_contet.jpeg
          1.83 MB
        2. localhost_6.14.1.har.zip
          1.77 MB

              People

              Assignee:
              qpham@atlassian.com Quan Pham
              Reporter:
              gpaunovic g
              Votes:
              79
              Watchers:
              95
