Uploaded image for project: 'Sakai'
  1. Sakai
  2. SAK-23877

Syllabus redirect feature has issues with urls that are not allowed to be framed

    Details

    • Type: Bug
    • Status: Verified
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.9.2
    • Fix Version/s: 10.0
    • Component/s: Syllabus
    • Labels:
    • 10 status:
      Resolved
    • Conversion Script Required:
      Yes

      Description

      Steps to recreate:

      attempt to enter https://www.google.com/ as the url for a syllabus redirect. The page will not render. In chrome, if you check the console log you will see the following error:

      Refused to display 'https://www.google.com/' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.

      In a similar way, you will receive warnings about when sakai and the redirect url are from mixed protocols (http or https) but at least right now in chrome it still renders, this probably won't be the case in the future, and in firefox we know they are already shutting down mixed content.
      https://blog.mozilla.org/tanvi/2013/04/10/mixed-content-blocking-enabled-in-firefox-23/

      The best solution might be to just launch syllabus redirect content in a new window in these situations. So adding an option in the UI to open in a new window might be the way to address it.

        Gliffy Diagrams

          Zeplin

            Attachments

              Issue Links

                Activity

                  People

                  Assignee:
                  jonespm Matthew Jones
                  Reporter:
                  jbush John Bush
                  Votes:
                  0 Vote for this issue
                  Watchers:
                  7 Start watching this issue

                    Dates

                    Created:
                    Updated:
                    Resolved:

                      Git Integration