Project

General

Profile

Actions

Defect #17722

closed

Plugin update check not working if redmine is viewed over https

Added by Philip Schiffer over 9 years ago. Updated about 9 years ago.

Status:
Closed
Priority:
High
Category:
Website (redmine.org)
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Fixed
Affected version:

Description

Chrome silently blocks any request to insecure sites:

[blocked] The page at 'https://<servername>/admin/plugins' was loaded over HTTPS, but ran insecure content from 'http://www.redmine.org/plugins/check_updates?<plugin info>': this content should also be loaded over HTTPS.

This causes breaks the plugin update checker. redmine.org should be accessible over https and the check should use the secure site if https is selected in the redmine settings. I'd also like to note that redmine.org is transmitting username and password unencrypted which is really bad!


Files

Actions #1

Updated by Gundolf Dampf over 9 years ago

This happens in Firefox as well. Both browsers block the plugin check silently when your Redmine installation uses HTTPS.

Actions #2

Updated by Jean-Philippe Lang over 9 years ago

  • Category changed from Security to Website (redmine.org)
  • Status changed from New to Closed
  • Assignee set to Jean-Philippe Lang
  • Resolution set to Fixed

As of today, www.redmine.org is available via HTTPS, this should fix this problem.

Actions #3

Updated by Mischa The Evil over 9 years ago

:thumbsup:

Actions #4

Updated by Florian Kaiser about 9 years ago

This is still unfixed in Redmine 2.6.1 since it still sends the request using http://
I recommend using an protocol relative url so it chooses automatically between http and https depending on what is used for Redmine.
http://www.redmine.org/projects/redmine/repository/entry/tags/2.6.1/app/views/admin/plugins.html.erb#L28

Actions #5

Updated by Toshi MARUYAMA about 9 years ago

  • Status changed from Closed to New
Actions #6

Updated by Toshi MARUYAMA about 9 years ago

  • Target version set to 2.6.2
Actions #7

Updated by Toshi MARUYAMA about 9 years ago

  • Resolution deleted (Fixed)
Actions #8

Updated by Jean-Philippe Lang about 9 years ago

  • Status changed from New to Resolved
  • Resolution set to Fixed

Request changed to https in r14014.

Actions #9

Updated by Jean-Philippe Lang about 9 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF