From e3f37960a00b3f1fb70cd7bdde4daf1a266edc1e Mon Sep 17 00:00:00 2001 From: Stanislav Levin Date: Fri, 11 Jan 2019 11:05:26 +0300 Subject: [PATCH] Don't use cross-origin request 'Origin' for IPA login page is 'httpS://xxx'. But 'configured' link has URL like 'http://xxx/ssbrowser.html'. Since IPA web server doesn't use any kind of Access-Control-Allow-Origin rules Mozilla Firefox blocks Cross-Origin request due to the Same Origin policy violation. So, just follow the Same Origin policy. Fixes: https://pagure.io/freeipa/issue/7832 Signed-off-by: Stanislav Levin Reviewed-By: Serhii Tsymbaliuk --- install/ui/src/freeipa/widgets/LoginScreen.js | 8 ++++---- ipaserver/plugins/internal.py | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/install/ui/src/freeipa/widgets/LoginScreen.js b/install/ui/src/freeipa/widgets/LoginScreen.js index b4af193bb..c3431e1d0 100644 --- a/install/ui/src/freeipa/widgets/LoginScreen.js +++ b/install/ui/src/freeipa/widgets/LoginScreen.js @@ -60,7 +60,7 @@ define(['dojo/_base/declare', kerberos_msg: " To log in with " + "Kerberos, please make sure you" + " have valid tickets (obtainable via kinit) and configured" + + "'${protocol}//${host}/ipa/config/ssbrowser.html'>configured" + " the browser correctly, then click Login. ", cert_msg: " To log in with " + "certificate, please make sure you have valid " + @@ -582,9 +582,9 @@ define(['dojo/_base/declare', this.continue_msg ); - this.kerberos_msg = this.kerberos_msg.replace( - '${host}', window.location.hostname - ); + this.kerberos_msg = this.kerberos_msg + .replace('${protocol}', window.location.protocol) + .replace('${host}', window.location.hostname); this.password_change_complete = text.get( spec.password_change_complete || diff --git a/ipaserver/plugins/internal.py b/ipaserver/plugins/internal.py index 9ed44ccfa..4b06027f8 100644 --- a/ipaserver/plugins/internal.py +++ b/ipaserver/plugins/internal.py 
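Review bot: The rebuilt link is still not guaranteed to be same-origin, because in the hunk at line 582 `${host}` is filled from `window.location.hostname`, which omits the port. A web UI served on a non-default port would get a link to the default port, which is a different origin. Using `.replace('${host}', window.location.host)` keeps the port. Simpler still, the template in the hunk at line 60 could use the path-absolute `'/ipa/config/ssbrowser.html'`, which the browser resolves against the current origin and which needs no placeholders, so a literal `${protocol}` can never end up in the href if the message reaches the page without this substitution. Both hunks sit inside a larger `define(...)` body that starts and ends outside the diff.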
@@ -389,9 +389,9 @@ class i18n_messages(Command): "krb_auth_msg": _( " To log in with " "Kerberos, please make sure you have valid " - "tickets (obtainable via kinit) and configured the browser " - "correctly, then click 'Log in'."), + "tickets (obtainable via kinit) and configured the browser" + " correctly, then click 'Log in'."), "loading": _("Loading"), "krbprincipal_expired": _( "Kerberos Principal you entered is expired"),
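Review bot: Nothing at `krb_auth_msg` documents that the link in this translatable string depends on placeholders filled in by the web UI. The LoginScreen.js part of this patch substitutes `${protocol}` and `${host}` in its Kerberos message; if this string is the one fed into that code (not visible in this hunk), a translation that alters or drops a placeholder would yield a broken or wrong-scheme link. A short comment above the entry would help, e.g. `# ${protocol} and ${host} are substituted client-side in LoginScreen.js; keep them verbatim`. The enclosing dict literal starts and ends outside the hunk.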