1.6.2 Exec tries to load mixed content #2209

Closed
hanikesn opened this issue Jul 28, 2017 · 3 comments
Labels
kind/bug Categorizes issue or PR as related to a bug.

Comments

@hanikesn
Contributor

Environment

We're running the dashboard behind an HTTPS-protected load balancer, but it tries to load sockjs over HTTP:
http://cdn.sockjs.org/sockjs-0.3.min.js

Dashboard version: 1.6.2
Kubernetes version: 1.7.1
@floreks
Member

floreks commented Jul 28, 2017

I have checked it and can confirm. From sockjs docs:

// Transports which don't support cross-domain communication natively ('eventsource' to name one) use an iframe trick.
// A simple page is served from the SockJS server (using its foreign domain) and is placed in an invisible iframe.
// Code run from this iframe doesn't need to worry about cross-domain issues, as it's being run from domain local to the SockJS server.
// This iframe also does need to load SockJS javascript client library, and this option lets you specify its url (if you're unsure,
// point it to the latest minified SockJS client release, this is the default). You must explicitly specify this url on the server
// side for security reasons - we don't want the possibility of running any foreign javascript within the SockJS domain (aka cross site scripting attack).
// Also, sockjs javascript library is probably already cached by the browser - it makes sense to reuse the sockjs url you're using in normally.

We will bundle the sockjs client/server and serve it from our backend in case it is needed to avoid external calls.

floreks added the kind/bug and priority/P1 labels Jul 28, 2017
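
A pre-deployment check for the problem described above, as an added example that is not part of the issue thread or the dashboard's code: it resolves a configured SockJS client URL against the externally visible address the way a browser would, and reports whether the iframe's script would be blocked as mixed content or would pull foreign JavaScript into the SockJS domain. The hostname `dashboard.example.com` and the path `/static/sockjs.min.js` are constructed placeholders, and browser exemptions for loopback addresses are not modelled.

```go
package main

import (
	"fmt"
	"net/url"
)

type Verdict string // how the browser treats the script the SockJS iframe loads
const (
	SameOrigin    Verdict = "same-origin"    // served by the dashboard itself
	MixedContent  Verdict = "mixed-content"  // non-https script on an https page: blocked
	ForeignOrigin Verdict = "foreign-origin" // loads, but third-party script runs in the SockJS domain
)

// origin normalises scheme, host and port so that default ports compare equal.
func origin(u *url.URL) string {
	port := u.Port()
	if port == "" {
		port = map[string]string{"https": "443", "http": "80"}[u.Scheme]
	}
	return u.Scheme + "://" + u.Hostname() + ":" + port
}

// ClassifySockJSURL resolves sockjsURL against the address users reach (the load balancer's, not the backend's).
func ClassifySockJSURL(externalOrigin, sockjsURL string) (Verdict, error) {
	page, err := url.Parse(externalOrigin)
	if err != nil || page.Scheme == "" || page.Host == "" {
		return "", fmt.Errorf("external origin %q must be an absolute URL", externalOrigin)
	}
	ref, err := url.Parse(sockjsURL)
	if err != nil {
		return "", err
	}
	script := page.ResolveReference(ref) // also handles "/path" and scheme-relative "//host/path"
	if page.Scheme == "https" && script.Scheme != "https" {
		return MixedContent, nil
	}
	if origin(script) == origin(page) {
		return SameOrigin, nil
	}
	return ForeignOrigin, nil
}

func main() { // constructed hostname and local path; the CDN URL is the one from the report
	for _, u := range []string{"http://cdn.sockjs.org/sockjs-0.3.min.js", "//cdn.sockjs.org/sockjs-0.3.min.js", "/static/sockjs.min.js"} {
		v, err := ClassifySockJSURL("https://dashboard.example.com", u)
		fmt.Println(u, "->", v, err)
	}
}
```

The check has to be given the external HTTPS address: a backend behind a TLS-terminating load balancer only sees plain HTTP and cannot infer the scheme the browser is using.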
@lenartj
Contributor

lenartj commented Aug 2, 2017

This is in #2029 (Serve SockJSURL from dashboard) too

@floreks
Member

floreks commented Aug 2, 2017

Great. Since it is already on the list then we can close and track from there.
