Skip to content

Commit

Permalink
Resolve UserProfile Loading Errors From Unsecure pages (dnnsoftware#2494
Browse files Browse the repository at this point in the history 
)

* NOJIRA: mark as stable.

* DNN-21637: add config key.

* DNN-26576: prevent same-origin errors when loading popup and iframes from a secure page.

* code review

* Code review
  • Loading branch information
@mean2me @zyhfish
mean2me authored and zyhfish committed Mar 29, 2019
1 parent 892ce8d commit c349c33
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 2 deletions.
5 changes: 5 additions & 0 deletions DNN Platform/Library/Common/Utilities/UrlUtils.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -400,6 +400,11 @@ public static bool InPopUp()
return HttpContext.Current != null && HttpContext.Current.Request.Url.ToString().IndexOf("popUp=true", StringComparison.OrdinalIgnoreCase) >= 0;
}

public static bool IsPopUp(string url)
{
return url .IndexOf("popUp=true", StringComparison.OrdinalIgnoreCase) >= 0;
}

/// <summary>
/// Redirect current response to 404 error page or output 404 content if error page not defined.
/// </summary>
Expand Down
7 changes: 5 additions & 2 deletions DNN Platform/Library/Entities/Urls/AdvancedUrlRewriter.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1554,8 +1554,11 @@ private bool CheckForSecureRedirect(PortalSettings portalSettings,
//check ssl enforced
if (portalSettings.SSLEnforced)
{
//check page is not secure, connection is secure
if (!portalSettings.ActiveTab.IsSecure && result.IsSecureConnection)
// Prevent browser's mixed-content error in case we open a secure PopUp or a secure iframe
// from an unsecure page
if (!portalSettings.ActiveTab.IsSecure &&
result.IsSecureConnection &&
!UrlUtils.IsPopUp(url))
{
//has connection already been forced to secure?
if (queryStringCol["ssl"] == null)
Expand Down

0 comments on commit c349c33

Please sign in to comment.