-
Bug
-
Resolution: Fixed
-
Medium
-
6.14.0, 6.14.1, 6.14.2, 6.14.3, 6.15.1, 6.15.2, 6.15.4, 6.15.10, 7.0.1, 7.1.0, 7.1.2, 7.2.1, 7.3.1
-
32
-
Severity 3 - Minor
-
12
-
Issue Summary
Copying and pasting a status macro (or TOC) over https in the browser will trigger mix content action, it will break the certificate trust on request of:
Status macro
- plugins/servlet/status-macro/placeholder?title=titlehere&colour=Yellow
TOC macro
- /plugins/servlet/confluence/placeholder/macro?definition=e3RvY30&locale=en_US&version=2
Environment
Confluence 6.14.0
Confluence 6.14.1
Confluence 6.14.2
Connector with SSL
Steps to Reproduce
- Create a page and add a status macro (or TOC macro)
- Open inspect tools/network tab and edit the page
- Copy and paste the status macro
Expected Results
The status macro is pasted.
Actual Results
The requests are resolved over HTTP and certificate is not trusted because of mixed content.
Notes
The issue does not exist in 6.13.0
Workaround for NGINX
If a reverse proxy is in use such as NGINX, adding a section to the proxy configuration file to redirect HTTP to HTTPS will address the problem:
server{
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
Workaround for Apache
If a reverse proxy is in use such as Apache, adding a section to the proxy configuration file to redirect HTTP to HTTPS will address the problem:
Listen 80
<VirtualHost *:80>
ServerName _
RewriteEngine On
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,NE,R=301]
</VirtualHost>
Update (4/26)
This issue has also been reported when copying/pasting the Jira Issues macro.
Update 5/21
This issue has also been reported when copying/pasting emoticons.
- relates to
-
-
- Closed
-
-
-
- Closed
-