Don't use cross-origin request

'Origin' for IPA login page is 'httpS://xxx'. But 'configured' link has URL like 'http://xxx/ssbrowser.html'. Since IPA web server doesn't use any kind of Access-Control-Allow-Origin rules Mozilla Firefox blocks Cross-Origin request due to the Same Origin policy violation. So, just follow the Same Origin policy. Fixes: https://pagure.io/freeipa/issue/7832 Signed-off-by: Stanislav Levin <slev@altlinux.org> Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
2024-12-23 07:33:27 -06:00 · 2019-01-11 11:05:26 +03:00 · 2019-01-11 11:05:26 +03:00 · e3f37960a0
commit e3f37960a0
parent 965181362a
2 changed files with 7 additions and 7 deletions
--- a/install/ui/src/freeipa/widgets/LoginScreen.js
+++ b/install/ui/src/freeipa/widgets/LoginScreen.js
@ -60,7 +60,7 @@ define(['dojo/_base/declare',
        kerberos_msg: "<i class=\"fa fa-info-circle\"></i> To log in with " +
            "<strong>Kerberos</strong>, please make sure you" +
            " have valid tickets (obtainable via kinit) and <a href=" +
-            "'http://${host}/ipa/config/ssbrowser.html'>configured</a>" +
+            "'${protocol}//${host}/ipa/config/ssbrowser.html'>configured</a>" +
            " the browser correctly, then click Login. ",
        cert_msg: "<i class=\"fa fa-info-circle\"></i> To log in with " +
            "<strong>certificate</strong>, please make sure you have valid " +
@ -582,9 +582,9 @@ define(['dojo/_base/declare',
                this.continue_msg
            );

-            this.kerberos_msg = this.kerberos_msg.replace(
-                '${host}', window.location.hostname
-            );
+            this.kerberos_msg = this.kerberos_msg
+                .replace('${protocol}', window.location.protocol)
+                .replace('${host}', window.location.hostname);

            this.password_change_complete = text.get(
                spec.password_change_complete ||
--- a/ipaserver/plugins/internal.py
+++ b/ipaserver/plugins/internal.py
@ -389,9 +389,9 @@ class i18n_messages(Command):
            "krb_auth_msg": _(
                "<i class=\"fa fa-info-circle\"></i> To log in with "
                "<strong>Kerberos</strong>, please make sure you have valid "
-                "tickets (obtainable via kinit) and <a href='http://${host}/"
-                "ipa/config/ssbrowser.html'>configured</a> the browser "
-                "correctly, then click 'Log in'."),
+                "tickets (obtainable via kinit) and <a href='${protocol}//"
+                "${host}/ipa/config/ssbrowser.html'>configured</a> the browser"
+                " correctly, then click 'Log in'."),
            "loading": _("Loading"),
            "krbprincipal_expired": _(
                "Kerberos Principal you entered is expired"),