Uploaded image for project: 'Confluence Server and Data Center'
  1. Confluence Server and Data Center
  2. CONFSERVER-57934

Adding panel,excerpt,warning,note,tip or info macro to the page in edit mode will trigger mixed content action in browser

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: High
    • Resolution: Fixed
    • Affects Version/s: 6.14.0, 6.14.1, 6.14.2, 6.15.1, 6.15.2, 6.14.3, 7.0.1, 6.15.4
    • Fix Version/s: 7.3.2
    • Component/s: Content - Page
    • Labels:

      Description

      Issue Summary

      Editing page with a panel, warning, note, tip or info macro over https in the browser will trigger mix content action, it will break the certificate trust on request of plugins/servlet/confluence/placeholder/macro-heading?definition=e25vdGV9&locale=en_US&version=2.

      Environment

      Confluence 6.14.x
      Confluence 6.15.x
      Confluence 7.0.x

      Connector with SSL

      Steps to Reproduce

      1. Create a page and add an excerpt, warning, note, tip or info macro
      2. Open inspect tools/network tab and edit the page once again.

      Expected Results

      The certificate will stay trusted (green) and all request will be resolved over HTTPS

      Actual Results

      At least one request is resolved over HTTP and certificate is not trusted because of mixed content.
      localhost_6.14.1.har.zip

      Notes

      The issue does not exist in 6.13.x

      Workaround

      Some users have found the below custom HTML resolves the issue in Chrome:

      Copy text/code below into BODY section of Configuration --> Custom HTML

       

      <script type="text/javascript">
  function fixFrameContent(frameContent, broken_url_prefix) {
    var replaced = false;
    // Replace broken img src urls
    frameContent.find("img").each(function(index) {
      var srcUrl = AJS.$(this).attr("src");
      if (srcUrl.toLowerCase().startsWith(broken_url_prefix)) {
        var srcNewUrl = srcUrl.substring(broken_url_prefix.length);
        AJS.$(this).attr("src", srcNewUrl);
        replaced=true;
      };
    });  // each img
     
    // Replace broken tables for macro - background img url is broken
    // Iterate over all relevant tables to check background-image URL
    frameContent.find("table.wysiwyg-macro").each(function(index) {
      AJS.log(AJS.$(this));
      var bgiRaw = AJS.$(this).css("background-image");
      if (!bgiRaw) return true;  // nothing to do, continue with next element
      // remove 'url(...)' around the content
      var bgiUrlMatch = bgiRaw.match(/url\(["']?(.*)["']?\)/);
      if (!bgiUrlMatch) return true;  // nothing to do, continue with next element
      var bgiUrl = bgiUrlMatch[1];
      if (bgiUrl.toLowerCase().startsWith(broken_url_prefix)) {
        // Remove broken URL, use relative path!
        var bgiNewUrl = bgiUrl.substring(broken_url_prefix.length);
        AJS.$(this).css("background-image", "url('"+bgiNewUrl+"')");
      }
      replaced = true;
    }); // each macro in iframe   
  };
 
  AJS.toInit(function() {
    if (navigator.userAgent.indexOf("Trident/")>-1) {
      AJS.log("Fixing broken macro title - Internet Explorer - fix not required");
      return;
    }
    // Get Base URL
    var broken_url_prefix = Confluence.getBaseUrl().toLowerCase();
    // Replace https with http
    if (!broken_url_prefix.startsWith("https")) {
      AJS.log("Fixing broken macro title - no https base URL "+broken_url_prefix);
      return;
    }
    // Remove https and add http
    broken_url_prefix = "http" + broken_url_prefix.substring(5);
    AJS.log("Fixing broken macro title - fixing URL prefix "+broken_url_prefix);
 
    // Bind to rich text editor event, triggered when edit button is pressed
    AJS.bind("init.rte", function() {   
      AJS.$(document).bind('postPaste', function(e, pl, o) {
        // iframe is not filled when postPaste occurs, so wait and retry a few times
        var copyPasteRetry = 5;
        var pasteRetryHandle = setInterval(function() {
          copyPasteRetry--;
          if(copyPasteRetry<=0) {
            clearInterval(pasteRetryHandle);
            return;          
          };
          // Find out what is being pasted
          var $pasted = $(o.node);
          // Get iframe containing the editor HTML, including the relevant macro tables
          var frameContent = AJS.$("#wysiwygTextarea_ifr").contents();
          // Search editor content for broken links
          replaced = fixFrameContent(frameContent, broken_url_prefix);
          // Stop polling in after a complete next iteration if at least one macro was fixed
          if (replaced && copyPasteRetry>2) copyPasteRetry=2;
        }, 500); // retry interval 500ms
      }); // bind postPaste
         
      var counter = 10;
      var replaced = false;
 
      // iframe is not filled when RTE event occurs
      // (Re-)start polling, found no event to wait until editor iframe is filled
      // and onLoad does not work.
      var timerHandle = setInterval(function() {
        // Stop polling when counter reaches zero
        counter--;
        if (counter<=0) {
          clearInterval(timerHandle);
          return;
        }
        // Get iframe containing the editor HTML, including the relevant macro tables
        var frameContent = AJS.$("#wysiwygTextarea_ifr").contents();
        replaced = fixFrameContent(frameContent, broken_url_prefix);
        // Stop polling in after a complete next iteration if at least one macro was replaced
        if (replaced && counter>2) counter=2;
      }, 1000); // every 1000ms
    });
  }); // toInit
</script>

        Attachments

        1. localhost_6.14.1.har.zip
          1.77 MB
          g
        2. mixed_contet.jpeg
          1.83 MB
          g

          Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. CONFSERVER-58098 Copying and pasting Status Macro (or TOC Macro) over https triggers mixed content and breaks certificate trust

          • Medium - Medium priority issues
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. CONFSERVER-52441 Emoticon is changing to image after the first save and edit of the page

          • Highest - Our top priority issues
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. CONFSERVER-58681 Linking image renders image as HTTP instead of HTTPS

          • High - High priority issues
          • Closed
          mentioned in

          Page Loading...

          Page Loading...

          Page Loading...

            Activity

              People

              Assignee:
              qpham@atlassian.com Quan Pham
              Reporter:
              gpaunovic g
              Votes:
              79 Vote for this issue
              Watchers:
              95 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: