Uploaded image for project: 'IGB'
  1. IGB
  2. IGBF-2490

Investigate: Fix implementation of requests to IGB endpoints to support safari etc.

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: None
    • Labels:
    • Story Points:
      5
    • Sprint:
      Summer 4: 14 Jul - 28 Jul, Summer 5: 3 Aug - 14 Aug, Summer 6: 17 Aug - 28 Aug

      Description

      Making requests to the IGB API is done over http and some browsers see a security issue with doing so under an overarching secured connection and classify this as Mixed Content. Safari, for instance, blocks these sorts of requests.

      Instead of making requests in this way, the window location can be changed using javascript, which initializes a new connection, circumventing the error. See my comment here for more details.

      Task: Update the requests in app store to use the method described above, in order to allow all browsers to interact with IGB.

      Update: Allow browsers that do not support http connections to localhost on a secure parent connection to connect to IGB over https.

        Attachments

          Issue Links

            Activity

            Hide
            ann.loraine Ann Loraine added a comment -

            Thanks!

            Further clarification request:

            • Third box: "is evaluated" - who and what is doing the evaluating?

            There are two software programs here - IGB itself and the browser. And a user!

            Could you maybe modify the flow diagram to use active voice for what the software programs are doing?

            Or it could be faster (and less work for you!) to have a short zoom session where you walks us through it. We could include other(s) who might work on it, as well.

            Show
            ann.loraine Ann Loraine added a comment - Thanks! Further clarification request: Third box: "is evaluated" - who and what is doing the evaluating? There are two software programs here - IGB itself and the browser. And a user! Could you maybe modify the flow diagram to use active voice for what the software programs are doing? Or it could be faster (and less work for you!) to have a short zoom session where you walks us through it. We could include other(s) who might work on it, as well.
            Hide
            pbadzuh Philip Badzuh (Inactive) added a comment - - edited

            Requests must be browser-specific due to variable browser security constraints, so it is the browser that must implement the logic to determine over what scheme they are to be made - HTTP or HTTPS. The cookie I have proposed would be set and referenced by the browser.

            I have updated the diagram and would be glad to meet over zoom whenever convenient for everyone who is interested, if there are any further questions. Just let me know.

            Show
            pbadzuh Philip Badzuh (Inactive) added a comment - - edited Requests must be browser-specific due to variable browser security constraints, so it is the browser that must implement the logic to determine over what scheme they are to be made - HTTP or HTTPS. The cookie I have proposed would be set and referenced by the browser. I have updated the diagram and would be glad to meet over zoom whenever convenient for everyone who is interested, if there are any further questions. Just let me know.
            Hide
            ann.loraine Ann Loraine added a comment -

            I'm confused about the second-from-the-top green tile. I don't understand how "referrer" can ever be IGB trusted endpoint. I thought "referrer" mean: the page containing a link you click. When you click a link in a page, then that page becomes the "referrer" for the new request you make upon clicking the link.

            Maybe it would be clearer if you split the green tile into two? Seems like there are two decision points here. First is: "Is this browser Safari"? If yes, you go on to the next decision point. (This next decision point is the one I don't understand.)

            Show
            ann.loraine Ann Loraine added a comment - I'm confused about the second-from-the-top green tile. I don't understand how "referrer" can ever be IGB trusted endpoint. I thought "referrer" mean: the page containing a link you click. When you click a link in a page, then that page becomes the "referrer" for the new request you make upon clicking the link. Maybe it would be clearer if you split the green tile into two? Seems like there are two decision points here. First is: "Is this browser Safari"? If yes, you go on to the next decision point. (This next decision point is the one I don't understand.)
            Hide
            pbadzuh Philip Badzuh (Inactive) added a comment - - edited

            Sorry, you are right - using the referrer header alone would not work. I have updated the diagram logic and have tried make it account for every condition that I could think of. Please review and let me know what you think.

            Show
            pbadzuh Philip Badzuh (Inactive) added a comment - - edited Sorry, you are right - using the referrer header alone would not work. I have updated the diagram logic and have tried make it account for every condition that I could think of. Please review and let me know what you think.
            Hide
            ann.loraine Ann Loraine added a comment -

            Design is sufficiently investigated. Moving to Done.

            Show
            ann.loraine Ann Loraine added a comment - Design is sufficiently investigated. Moving to Done.

              People

              • Assignee:
                pbadzuh Philip Badzuh (Inactive)
                Reporter:
                pbadzuh Philip Badzuh (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: