Defect #17722

Plugin update check not working if redmine is viewed over https

Added by Philip Schiffer over 4 years ago. Updated almost 4 years ago.

Status:ClosedStart date:
Priority:HighDue date:
Assignee:Jean-Philippe Lang% Done:

0%

Category:Website (redmine.org)
Target version:2.6.2
Resolution:Fixed Affected version:2.5.2

Description

Chrome silently blocks any request to insecure sites:

[blocked] The page at 'https://<servername>/admin/plugins' was loaded over HTTPS, but ran insecure content from 'http://www.redmine.org/plugins/check_updates?<plugin info>': this content should also be loaded over HTTPS.

This causes breaks the plugin update checker. redmine.org should be accessible over https and the check should use the secure site if https is selected in the redmine settings. I'd also like to note that redmine.org is transmitting username and password unencrypted which is really bad!

redmine-1.6.1-update_check_https.patch Magnifier (413 Bytes) Florian Kaiser, 2015-01-13 12:38

Associated revisions

Revision 14014
Added by Jean-Philippe Lang almost 4 years ago

Check plugins updates using https (#17722).

History

#1 Updated by Gundolf Dampf about 4 years ago

This happens in Firefox as well. Both browsers block the plugin check silently when your Redmine installation uses HTTPS.

#2 Updated by Jean-Philippe Lang about 4 years ago

  • Category changed from Security to Website (redmine.org)
  • Status changed from New to Closed
  • Assignee set to Jean-Philippe Lang
  • Resolution set to Fixed

As of today, www.redmine.org is available via HTTPS, this should fix this problem.

#3 Updated by Mischa The Evil about 4 years ago

:thumbsup:

#4 Updated by Florian Kaiser almost 4 years ago

This is still unfixed in Redmine 2.6.1 since it still sends the request using http://
I recommend using an protocol relative url so it chooses automatically between http and https depending on what is used for Redmine.
http://www.redmine.org/projects/redmine/repository/entry/tags/2.6.1/app/views/admin/plugins.html.erb#L28

#5 Updated by Toshi MARUYAMA almost 4 years ago

  • Status changed from Closed to New

#6 Updated by Toshi MARUYAMA almost 4 years ago

  • Target version set to 2.6.2

#7 Updated by Toshi MARUYAMA almost 4 years ago

  • Resolution deleted (Fixed)

#8 Updated by Jean-Philippe Lang almost 4 years ago

  • Status changed from New to Resolved
  • Resolution set to Fixed

Request changed to https in r14014.

#9 Updated by Jean-Philippe Lang almost 4 years ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF