Uploaded image for project: 'Confluence Server and Data Center'
  1. Confluence Server and Data Center
  2. CONFSERVER-58098

Copying and pasting Status Macro (or TOC Macro) over https triggers mixed content and breaks certificate trust

    XMLWordPrintable

    Details

      Description

      Issue Summary

      Copying and pasting a status macro (or TOC) over https in the browser will trigger mix content action, it will break the certificate trust on request of:

      Status macro

      • plugins/servlet/status-macro/placeholder?title=titlehere&colour=Yellow

      TOC macro

      • /plugins/servlet/confluence/placeholder/macro?definition=e3RvY30&locale=en_US&version=2

      Environment

      Confluence 6.14.0
      Confluence 6.14.1
      Confluence 6.14.2
      Connector with SSL

      Steps to Reproduce

      1. Create a page and add a status macro (or TOC macro)
      2. Open inspect tools/network tab and edit the page
      3. Copy and paste the status macro

      Expected Results

      The status macro is pasted.

      Actual Results

      The requests are resolved over HTTP and certificate is not trusted because of mixed content.

      Notes

      The issue does not exist in 6.13.0

      Workaround for NGINX

      If a reverse proxy is in use such as NGINX, adding a section to the proxy configuration file to redirect HTTP to HTTPS will address the problem:

      server{
      	listen 80 default_server;
      	listen [::]:80 default_server;
      	server_name _;
      	return 301 https://$host$request_uri;
      }
      

      Workaround for Apache

      If a reverse proxy is in use such as Apache, adding a section to the proxy configuration file to redirect HTTP to HTTPS will address the problem:

      Listen 80
      
      <VirtualHost *:80>
          ServerName _
          RewriteEngine On
          RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,NE,R=301]
      </VirtualHost>
      

      Update (4/26)

      This issue has also been reported when copying/pasting the Jira Issues macro.

      Update 5/21

      This issue has also been reported when copying/pasting emoticons.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              nbhawnani Niraj Bhawnani
              Reporter:
              mrawson Miranda Rawson
              Votes:
              41 Vote for this issue
              Watchers:
              43 Start watching this issue

                Dates

                Due:
                Created:
                Updated:
                Resolved: