Uploaded image for project: 'Sakai'
  1. Sakai
  2. SAK-23877

Syllabus redirect feature has issues with urls that are not allowed to be framed

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Verified
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.9.2
    • Fix Version/s: 10.0
    • Component/s: Syllabus
    • Labels:
    • 10 status:
      Resolved
    • Conversion Script Required:
      Yes

      Description

      Steps to recreate:

      attempt to enter https://www.google.com/ as the url for a syllabus redirect. The page will not render. In chrome, if you check the console log you will see the following error:

      Refused to display 'https://www.google.com/' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.

      In a similar way, you will receive warnings about when sakai and the redirect url are from mixed protocols (http or https) but at least right now in chrome it still renders, this probably won't be the case in the future, and in firefox we know they are already shutting down mixed content.
      https://blog.mozilla.org/tanvi/2013/04/10/mixed-content-blocking-enabled-in-firefox-23/

      The best solution might be to just launch syllabus redirect content in a new window in these situations. So adding an option in the UI to open in a new window might be the way to address it.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  jonespm Matthew Jones
                  Reporter:
                  jbush John Bush
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  7 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:

                    Git Source Code