Syllabus redirect feature has issues with urls that are not allowed to be framed
Description
Activity
Hudson CI Server May 30, 2014 at 12:04 PM
Integrated in sakai-10-java-1.7 #82 (See http://builds.sakaiproject.org:8080/job/sakai-10-java-1.7/82/)
database conversion scripts for 10 (Revision 309979)
Result = UNSTABLE
Hudson CI Server May 19, 2014 at 5:03 PM
Integrated in sakai-trunk-java-1.7 #254 (See http://builds.sakaiproject.org:8080/job/sakai-trunk-java-1.7/254/)
mixed-content and syllabus redirect (Revision 309641)
Result = UNSTABLE
Matthew Jones January 29, 2014 at 6:45 AM
Ok, great, thanks for the feedback, I'm going to mark this as verified.
Daniel Merino January 29, 2014 at 5:50 AM
After two days since we added your last commit to our production environment, the log messages have completely disappeared. Thanks a lot, Matthew!
Matthew Jones January 24, 2014 at 10:19 AM
I added a NPE check on 133632 as getSyllabusItem could return back a null if the syllabus item doesn't exist and the user doesn't have permission. I'm not 100% sure either what was going on here, but I don't think it's a result of returning null anymore. I can't seem to reproduce it though. Let me know if this fixes it.
Steps to recreate:
Attempt to enter https://www.google.com/ as the URL for a syllabus redirect. The page will not render. In Chrome, if you check the console log you will see the following error:
Refused to display 'https://www.google.com/' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
In a similar way, you will receive warnings when Sakai and the redirect URL are from mixed protocols (http or https), but at least right now in Chrome it still renders. This probably won't be the case in the future, and in Firefox we know they are already shutting down mixed content.
https://blog.mozilla.org/tanvi/2013/04/10/mixed-content-blocking-enabled-in-firefox-23/
The best solution might be to just launch syllabus redirect content in a new window in these situations. So adding an option in the UI to open in a new window might be the way to address it.
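
The fallback proposed above (open the redirect in a new window when it cannot be framed), as an added example that is not part of the original issue or Sakai's code. The function name `framingDecision`, the host `sakai.example.edu`, and the assumption that the server has already fetched the target's final response headers are all hypothetical.

```javascript
// Added example, not Sakai code. Decides whether a syllabus redirect URL can
// be shown in an iframe or should open in a new window instead.
// Assumption: `headers` holds the response headers of the final (post-redirect)
// response for redirectUrl, fetched server-side; browser script cannot read
// another origin's response headers.
function framingDecision(hostPageUrl, redirectUrl, headers = {}) {
  const host = new URL(hostPageUrl);
  let target;
  try {
    target = new URL(redirectUrl);
  } catch (e) {
    return { mode: 'reject', reason: 'not an absolute URL' };
  }
  if (target.protocol !== 'http:' && target.protocol !== 'https:') {
    return { mode: 'reject', reason: 'unsupported scheme' };
  }

  // Mixed content: an https page framing an http document is blocked.
  if (host.protocol === 'https:' && target.protocol === 'http:') {
    return { mode: 'new-window', reason: 'mixed content' };
  }

  // Header names are case-insensitive, so normalise before lookup.
  const lower = {};
  for (const [name, value] of Object.entries(headers)) {
    lower[name.toLowerCase()] = String(value);
  }

  // A server may send the header more than once; proxies join the values with commas.
  const xfo = (lower['x-frame-options'] || '')
    .split(',')
    .map((v) => v.trim().toUpperCase());

  if (xfo.includes('DENY')) {
    return { mode: 'new-window', reason: 'X-Frame-Options: DENY' };
  }
  if (xfo.includes('SAMEORIGIN') && target.origin !== host.origin) {
    return { mode: 'new-window', reason: 'X-Frame-Options: SAMEORIGIN' };
  }
  return { mode: 'iframe', reason: 'no framing restriction found' };
}

// Constructed sample: the case from the steps to recreate.
const sample = framingDecision(
  'https://sakai.example.edu/portal',
  'https://www.google.com/',
  { 'X-Frame-Options': 'SAMEORIGIN' }
);
console.log(sample.mode, '-', sample.reason);
```
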