Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 3.1
    • Fix Version/s: 3.1_ms07
    • Component/s: admin_gui
    • Labels:
      None
    • Environment:

      Operating System: All
      Platform: All

      Description

      build:

      Bring up Admin Console and click on Connectors, Admin Object Resources. Once
      the Admin Object Resources page is brough up click on browser's back button. A
      404 page not found error page is displayed. This happens from any Admin Console
      page. It does not happen in v2.

        Issue Links

          Activity

          Hide
          lidiam added a comment -

          Created an attachment (id=4945)
          screenshot

          Show
          lidiam added a comment - Created an attachment (id=4945) screenshot
          Hide
          Anissa Lam added a comment -

          -> Ken

          Show
          Anissa Lam added a comment - -> Ken
          Hide
          Jason Lee added a comment -

          The root cause of this is our ajax-based navigation. It seems that when the user clicks back, the
          browser attempts to navigate to the j_security_check, which is where the login form was POSTed to.
          The problem, it seems, is that the container only recognizes the "magic" URI (j_security_check) for
          POSTs. The GET request from the back button, then, looks for a file by that name in the app, which is
          not there, currently. I added a file by that name that redirects to / (which should probably be smarter
          at some point), but I'm not sure what the security implications of that are. I'll follow up on the mailing
          list for more input.

          Show
          Jason Lee added a comment - The root cause of this is our ajax-based navigation. It seems that when the user clicks back, the browser attempts to navigate to the j_security_check, which is where the login form was POSTed to. The problem, it seems, is that the container only recognizes the "magic" URI (j_security_check) for POSTs. The GET request from the back button, then, looks for a file by that name in the app, which is not there, currently. I added a file by that name that redirects to / (which should probably be smarter at some point), but I'm not sure what the security implications of that are. I'll follow up on the mailing list for more input.
          Hide
          Jason Lee added a comment -

          Fix committed

          Show
          Jason Lee added a comment - Fix committed
          Hide
          lidiam added a comment -

          Verified in download build, b43.

          Show
          lidiam added a comment - Verified in download build, b43.

            People

            • Assignee:
              Jason Lee
              Reporter:
              lidiam
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: