View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0000680YaCy[All Projects] Generalpublic2016-08-17 10:522016-08-20 00:38
Assigned ToBuBu 
PlatformOSOS Version
Product VersionYaCy 1.8 
Target VersionFixed in Version 
Summary0000680: YaCy with HTTPS : mixed content warnings and errors
DescriptionWhen running a YaCy peer with SSL enabled (we should rather say TLS) and opening its web interface with HTTPS, browser console display warnings or even blocks "mixed content" :
"Mixed Content: The page at 'https://[yourhost]/yacysearch.html?query=searchterms&Enter=&verify [^]…=5&resource=global&prefermaskfilter=&maximumRecords=10&timezoneOffset=-120' was loaded over HTTPS, but requested an insecure image 'http://yacy.net/images/flattr.png'. [^] This content should also be served over HTTPS."
Steps To Reproduce- Enable SSL on your YaCy peer at /ConfigBasic.html
- Open your browser console (using F12 key for example)
- Open your peer search interface using https
- Search something
- Security warnings are displayed about resources in the donate.html frame

- Open the search comparator : /compare_yacy.html
- Choose bing.com, metager.de or yahoo.com for example as the right side engine
- Search something
- Content on the right side is blocked

- Open Portal Config page : /ConfigPortal.html
- Preview frames content is blocked

- Open Search Page Layout page : /ConfigSearchPage_p.html
- The same security warnings as in search results page are displayed
Additional InformationFix ideas :
- Images for the donate.html frame should be embedded in each YaCy peer : they add unnecessary load to the yacy.net webserver
- URLs in the compare view should start with https when possible
- Portal config page frames preview URLs should start with https when SSL is enabled
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
luc (reporter)
2016-08-17 17:28

A fix is proposed in Pull Request 67 : https://github.com/yacy/yacy_search_server/pull/67 [^]
BuBu (developer)
2016-08-20 00:38

provided patch applied
https://github.com/yacy/yacy_search_server/pull/67 [^]

- Issue History
Date Modified Username Field Change
2016-08-17 10:52 luc New Issue
2016-08-17 17:28 luc Note Added: 0001284
2016-08-20 00:38 BuBu Note Added: 0001285
2016-08-20 00:38 BuBu Status new => resolved
2016-08-20 00:38 BuBu Resolution open => fixed
2016-08-20 00:38 BuBu Assigned To => BuBu

Copyright © 2000 - 2021 MantisBT Team
Powered by Mantis Bugtracker