Actions
Defect #17722
closed
Plugin update check not working if redmine is viewed over https
Status:
Closed
Priority:
High
Assignee:
Category:
Website (redmine.org)
Target version:
Start date:
Due date:
% Done:
0%
Estimated time:
Resolution:
Fixed
Affected version:
Description
Chrome silently blocks any request to insecure sites:
[blocked] The page at 'https://<servername>/admin/plugins' was loaded over HTTPS, but ran insecure content from 'http://www.redmine.org/plugins/check_updates?<plugin info>': this content should also be loaded over HTTPS.
This causes breaks the plugin update checker. redmine.org should be accessible over https and the check should use the secure site if https is selected in the redmine settings. I'd also like to note that redmine.org is transmitting username and password unencrypted which is really bad!
Files
Updated by Gundolf Dampf about 10 years ago
This happens in Firefox as well. Both browsers block the plugin check silently when your Redmine installation uses HTTPS.
Updated by Jean-Philippe Lang about 10 years ago
- Category changed from Security to Website (redmine.org)
- Status changed from New to Closed
- Assignee set to Jean-Philippe Lang
- Resolution set to Fixed
As of today, www.redmine.org is available via HTTPS, this should fix this problem.
Updated by
Updated by Florian Kaiser almost 10 years ago
This is still unfixed in Redmine 2.6.1 since it still sends the request using http://
I recommend using an protocol relative url so it chooses automatically between http and https depending on what is used for Redmine.
http://www.redmine.org/projects/redmine/repository/entry/tags/2.6.1/app/views/admin/plugins.html.erb#L28
Updated by Toshi MARUYAMA
Updated by Jean-Philippe Lang almost 10 years ago
- Status changed from New to Resolved
- Resolution set to Fixed
Request changed to https in r14014.
Updated by Jean-Philippe Lang almost 10 years ago
- Status changed from Resolved to Closed
Actions