View Issue Details

This bug affects 1 person(s).
ID: 12166
Project: Bug reports
Category: Central participant database
View Status: public
Last Update: 2017-06-19 13:39
Reporter: bewi
Assigned To: c_schmitz
Priority: none
Severity: crash
Status: closed
Resolution: fixed
Product Version: 2.57.x
Fixed in Version: 2.65.x
Summary: 12166: no possibility to share users
Description

trying to share users results in an error as there is a mismatch between http and https:

in the console.log I can find:
Mixed Content: The page at 'https://survey.my.domain/index.php/admin/participants/sa/displayParticipants' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://survey.my.domain/index.php/admin/participants/sa/openModalParticipantPanel/ajax/1'. This request has been blocked; the content must be served over HTTPS.

Steps To Reproduce

configure your server to use https.
access the admin area
insert some addresses
try to share them

Additional Information

maybe related to 12136

Tags: https, secure transmission
Bug heat: 8
Complete LimeSurvey version number (& build): 2.57.1+161205
I will donate to the project if issue is resolved: No
Browser: FF 45.7.0 / chrome 56.0
Database type & version: mySql?
Server OS (if known): ?
Webserver software & version (if known): apache?
PHP Version: 5.6?

Activities

mfavetti

2017-03-02 23:54

developer   ~43131

Cannot reproduce. The ajax call on that page is loaded over https with Version 2.63.1 (latest git)

Seems like this is already fixed.

bewi

2017-03-03 08:41

reporter   ~43134

meanwhile our admin updated to 2.63.1+170305, but the error still occurs

DenisChenu

2017-03-03 09:02

developer   ~43135

Try to reproduce : don't find how ....

try to share them : how do you do this ?

My config :

  1. allow http or https in virtual host
  2. Force HTTPS: 'Don't force on/off' in LimeSurvey

bewi

2017-03-03 12:28

reporter   ~43139

it's a strange phenomenon: we have two servers which are configured identically (as far as the admin knows), one server works ok, one server with the error.

the configuration is a bit complicated:
all calls go through a proxy which

  • changes a http-call to https (of the root-page)
  • takes a https-call and gives it as http request to the limesurvey-server (but the server gets the information that the call originally was a https call) (sorry I'm no admin and did not get all details)

on one system the Ajax-calls are generated with a https protocol, on the other server the ajax-calls are generated with http (which does not work as the browser gets mixed content)

how does limesurvey decide which protocol should be used for generated links?
is it always the same? (as most links work ok)

sidenote:
for another server with other software an environment setting of
SetEnvIf X-Forwarded-Proto "^https$" HTTPS=on
solved such problems.

c_schmitz

2017-03-03 13:04

administrator   ~43140

LimeSurvey uses the following variables to determine SSL

    isset($_SERVER['HTTPS']) && (strcasecmp($_SERVER['HTTPS'],'on')===0 || $_SERVER['HTTPS']==1)
        || isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strcasecmp($_SERVER['HTTP_X_FORWARDED_PROTO'],'https')===0;

Anyway, this is not a bug but a configuration issue. Please continue discussion in the forums, instead.

DenisChenu

2017-03-03 13:13

developer   ~43141

Configuration issue : https://manual.limesurvey.org/Optional_settings#Request_settings

bewi

2017-03-03 13:58

reporter   ~43142

this might be a configuration problem, but it also contains a strange behaviour of the page, which might be a point to optimize the code:

we found the following javascript in the generated page:

var exportToCSVURL = "/index.php/admin/participants/sa/exporttocsv";
var openModalParticipantPanel = "http://survey.my.domain/index.php/admin/participants/sa/openModalParticipantPanel/ajax/1";
var editValueParticipantPanel = "/index.php/admin/participants/sa/editValueParticipantPanel";

aside from the variable openModalParticipantPanel all other URLs do not contain any protocol or domain but stay with relative paths.
we did not find the reason why one system generates correct protocol and the other uses the false, if the url would be relative, all would be working.

thanks any way and I will try to dive into configuration

c_schmitz

2017-03-03 14:18

administrator   ~43144

Last edited: 2017-03-03 14:19

In /helpers/admin/ajax_helper.php
change

public static function createUrl($route, array $params = array())
{
    $params['ajax'] = 1;
    return App()->createAbsoluteUrl($route, $params);
}

to

public static function createUrl($route, array $params = array())
{
    $params['ajax'] = 1;
    return App()->createUrl($route, $params);
}

and see if that helps.

Can you reproduce 12136 . If yes, does it fix that, too?
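
The scheme check quoted earlier in the thread, the URLs found in the generated page and the createUrl() change above fit together as follows; this is an added JavaScript model, not part of any poster's comment and not LimeSurvey's code. It assumes the absolute URL takes its scheme from that check and that the failing backend receives neither HTTPS nor X-Forwarded-Proto, which the thread does not confirm; the function names and the two sample backends are constructed.

```javascript
// Added example, not LimeSurvey code. `server` stands in for PHP's $_SERVER.
// Port of the HTTPS check quoted in the thread.
function isSecureRequest(server) {
  const https = server.HTTPS;
  const proto = server.HTTP_X_FORWARDED_PROTO;
  return (
    (https !== undefined && (String(https).toLowerCase() === "on" || https == 1)) ||
    (proto !== undefined && String(proto).toLowerCase() === "https")
  );
}

// Server side: an absolute URL carries the scheme the backend believes in
// (assumption: it comes from the check above); a relative URL carries none.
function embeddedUrl(server, path, absolute) {
  if (!absolute) return path;
  const scheme = isSecureRequest(server) ? "https" : "http";
  return `${scheme}://${server.HTTP_HOST}${path}`;
}

// Browser side: resolve against the page URL; an HTTPS page may not send an
// XMLHttpRequest to a plain-HTTP target.
function browserBlocks(pageUrl, embedded) {
  const page = new URL(pageUrl);
  const target = new URL(embedded, page);
  return page.protocol === "https:" && target.protocol === "http:";
}

// Constructed sample data: two backends behind a TLS-terminating proxy.
const PAGE = "https://survey.my.domain/index.php/admin/participants/sa/displayParticipants";
const PATH = "/index.php/admin/participants/sa/openModalParticipantPanel/ajax/1";
const BACKENDS = {
  forwardsProto: { HTTP_HOST: "survey.my.domain", HTTP_X_FORWARDED_PROTO: "https" },
  dropsProto: { HTTP_HOST: "survey.my.domain" }, // hypothetical misconfiguration
};

function audit() {
  const rows = [];
  for (const [name, server] of Object.entries(BACKENDS)) {
    for (const absolute of [true, false]) {
      const url = embeddedUrl(server, PATH, absolute);
      rows.push({ name, absolute, url, blocked: browserBlocks(PAGE, url) });
    }
  }
  return rows;
}

console.table(audit());
```

Only the absolute URL from the backend that never sees the forwarded scheme is blocked; the relative URL resolves against the HTTPS page on both backends.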

c_schmitz

2017-03-07 11:31

administrator   ~43184

Feedback please?

bewi

2017-03-07 11:41

reporter   ~43185

sorry. this week we can not change the system. I will try to evaluate this next week. as this error only occurs on productive system we can not debug it on our dev/test systems.

bewi

2017-03-13 15:43

reporter   ~43279

our problem can be solved with the usage of App()->createUrl() instead of App()->createAbsoluteUrl(). (Patch applied to LimeSurvey Version 2.63.1+170305)

I can reproduce 12136 in (FF ESR 45.8.0) but the change of url generation does not solve that problem.
in chrome (56.0.2924.87 (64-bit)) the export does not start either. but in chrome I get an error message in the console:
"Form submission canceled because the form is not connected"

bewi

2017-05-02 13:13

reporter   ~43516

The problem is solved only partially. Meanwhile we use Version 2.64.7+170404.
I just stumbled over the same error in another page: /index.php/admin/participants/sa/displayParticipants
there I find in the HTML-source:

var exportToCSVURL = "/index.php/admin/participants/sa/exporttocsv";
var openModalParticipantPanel = "http://survey.my.domain/index.php/admin/participants/sa/openModalParticipantPanel/ajax/1";
var editValueParticipantPanel = "/index.php/admin/participants/sa/editValueParticipantPanel";

and editing or adding another participant is not possible with the error described above.

c_schmitz

2017-06-16 13:39

administrator   ~43924

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=23029

c_schmitz

2017-06-16 13:39

administrator   ~43925

The participants issue seems to be solved, too.

Related Changesets

LimeSurvey: master 3f2b53b1

2017-06-16 13:39:32

c_schmitz

Fixed issue 12166: No possibility to share users with some webserver configurations
Affected issues: 12166
mod - application/helpers/admin/ajax_helper.php

Issue History

Date Modified Username Field Change
2017-03-02 10:47 bewi New Issue
2017-03-02 10:50 bewi Tag Attached: https
2017-03-02 10:50 bewi Tag Attached: secure transmission
2017-03-02 23:54 mfavetti Note Added: 43131
2017-03-03 08:41 bewi Note Added: 43134
2017-03-03 09:02 DenisChenu Note Added: 43135
2017-03-03 12:28 bewi Note Added: 43139
2017-03-03 13:04 c_schmitz Assigned To => c_schmitz
2017-03-03 13:04 c_schmitz Status new => closed
2017-03-03 13:04 c_schmitz Resolution open => no change required
2017-03-03 13:04 c_schmitz Note Added: 43140
2017-03-03 13:13 DenisChenu Note Added: 43141
2017-03-03 13:58 bewi Note Added: 43142
2017-03-03 14:18 c_schmitz Note Added: 43144
2017-03-03 14:18 c_schmitz Note Edited: 43144
2017-03-03 14:19 c_schmitz Note Edited: 43144
2017-03-03 14:41 c_schmitz Status closed => feedback
2017-03-03 14:41 c_schmitz Resolution no change required => reopened
2017-03-07 11:31 c_schmitz Note Added: 43184
2017-03-07 11:41 bewi Note Added: 43185
2017-03-07 11:41 bewi Status feedback => assigned
2017-03-13 15:43 bewi Note Added: 43279
2017-05-02 13:13 bewi Note Added: 43516
2017-06-16 13:39 c_schmitz Changeset attached => LimeSurvey master 3f2b53b1
2017-06-16 13:39 c_schmitz Note Added: 43924
2017-06-16 13:39 c_schmitz Note Added: 43925
2017-06-16 13:40 c_schmitz Status assigned => resolved
2017-06-16 13:40 c_schmitz Resolution reopened => fixed
2017-06-16 13:40 c_schmitz Fixed in Version => 2.65.x
2017-06-19 13:39 c_schmitz Status resolved => closed