Issue Summary
Editing page with a panel, warning, note, tip or info macro over https in the browser will trigger mix content action, it will break the certificate trust on request of plugins/servlet/confluence/placeholder/macro-heading?definition=e25vdGV9&locale=en_US&version=2.
Environment
Confluence 6.14.x
Confluence 6.15.x
Confluence 7.0.x
Connector with SSL
Steps to Reproduce
- Create a page and add an excerpt, warning, note, tip or info macro
- Open inspect tools/network tab and edit the page once again.
Expected Results
The certificate will stay trusted (green) and all request will be resolved over HTTPS
Actual Results
At least one request is resolved over HTTP and certificate is not trusted because of mixed content.
localhost_6.14.1.har.zip
Notes
The issue does not exist in 6.13.x
Workaround
Some users have found the below custom HTML resolves the issue in Chrome:
Copy text/code below into BODY section of Configuration --> Custom HTML
<script type="text/javascript">
function fixFrameContent(frameContent, broken_url_prefix) {
var replaced = false;
frameContent.find("img").each(function(index) {
var srcUrl = AJS.$(this).attr("src");
if (srcUrl.toLowerCase().startsWith(broken_url_prefix)) {
var srcNewUrl = srcUrl.substring(broken_url_prefix.length);
AJS.$(this).attr("src", srcNewUrl);
replaced=true;
};
});
frameContent.find("table.wysiwyg-macro").each(function(index) {
AJS.log(AJS.$(this));
var bgiRaw = AJS.$(this).css("background-image");
if (!bgiRaw) return true; var bgiUrlMatch = bgiRaw.match(/url\(["']?(.*)["']?\)/);
if (!bgiUrlMatch) return true; var bgiUrl = bgiUrlMatch[1];
if (bgiUrl.toLowerCase().startsWith(broken_url_prefix)) {
var bgiNewUrl = bgiUrl.substring(broken_url_prefix.length);
AJS.$(this).css("background-image", "url('"+bgiNewUrl+"')");
}
replaced = true;
}); };
AJS.toInit(function() {
if (navigator.userAgent.indexOf("Trident/")>-1) {
AJS.log("Fixing broken macro title - Internet Explorer - fix not required");
return;
}
var broken_url_prefix = Confluence.getBaseUrl().toLowerCase();
if (!broken_url_prefix.startsWith("https")) {
AJS.log("Fixing broken macro title - no https base URL "+broken_url_prefix);
return;
}
broken_url_prefix = "http" + broken_url_prefix.substring(5);
AJS.log("Fixing broken macro title - fixing URL prefix "+broken_url_prefix);
AJS.bind("init.rte", function() {
AJS.$(document).bind('postPaste', function(e, pl, o) {
var copyPasteRetry = 5;
var pasteRetryHandle = setInterval(function() {
copyPasteRetry--;
if(copyPasteRetry<=0) {
clearInterval(pasteRetryHandle);
return;
};
var $pasted = $(o.node);
var frameContent = AJS.$("#wysiwygTextarea_ifr").contents();
replaced = fixFrameContent(frameContent, broken_url_prefix);
if (replaced && copyPasteRetry>2) copyPasteRetry=2;
}, 500); });
var counter = 10;
var replaced = false;
var timerHandle = setInterval(function() {
counter--;
if (counter<=0) {
clearInterval(timerHandle);
return;
}
var frameContent = AJS.$("#wysiwygTextarea_ifr").contents();
replaced = fixFrameContent(frameContent, broken_url_prefix);
if (replaced && counter>2) counter=2;
}, 1000); });
}); </script>