Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Local apps/drivers not visible from browser for 0.3.0 due to security issue #211

Closed
cgreenhalgh opened this issue Dec 12, 2017 · 2 comments
Closed

Local apps/drivers not visible from browser for 0.3.0 due to security issue #211

cgreenhalgh opened this issue Dec 12, 2017 · 2 comments

Comments

@cgreenhalgh
Copy link

Using a browser (Firefox on MacOS) to access the databox, tag 0.3.0, it lists drivers from the public app store, but fails to list drivers in the local app store.

Firefox shows the following console error 'Blocked loading mixed active content “http://localhost:8181/app/list”'

This appears to be a general security restriction preventing XMLHTTPRequests to non-https URLs from a page served over HTTPS.

To resolve this issue the local app store will also need to use HTTPS and/or be proxied by the container manager HTTPS proxy.
@cgreenhalgh
Copy link
Author

Just to note for there is a work-around for this in firefox as per this issue:

you can also set security.mixed_content.block_active_content as false in about:config. Of course, this affects all the content you load in the browser, not just the localhost stuff, so you will be decreasing security.

This was referenced Dec 14, 2017
Merged
Merged
Toshbrown added a commit to me-box/core-container-manager that referenced this issue Dec 14, 2017
@Toshbrown
local app server over https (#16)
b1699ad 
Fixes me-box/databox#211
@Toshbrown
Copy link
Contributor

Once #215 is merged this will work.

Toshbrown added a commit to me-box/core-container-manager that referenced this issue Dec 16, 2017
@Toshbrown
Fix app and driver https certs and move UI to default ports (80,443) (#…
3371837 
…17)

* local app server over https

Fixes me-box/databox#211

* Add additional details to certificates

* Update ssl related node libs

* Move to default ports for http and https
Toshbrown pushed a commit to me-box/core-container-manager that referenced this issue Feb 15, 2018
@ktg @Toshbrown
Authentication (#20)
3e1edac 
* Fix me-box/databox#116

* Don't allow change of databox from cm

* Fix version selection and me-box/databox#134

* Add store url to manifest

* Fix docker image loaction

* Actually select correct manifest

* Fix me-box/databox#121 & me-box/databox#125

* Update icon & fix me-box/databox#121 & me-box/databox#125

* Serve as https

* Fix undeclared variable

* Update UI

* Change cert url

* Insecure index + reorganise

* UI Improvements

* Fix app status not correctly updating

* local app server over https

Fixes me-box/databox#211

* Add additional details to certificates

* Update ssl related node libs

* Move to default ports for http and https

* Authentication

* Bug fixes

* Session cookie for proxying
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cgreenhalgh @Toshbrown