Mixed content after adding Tomcat SSL connector


Alex

Feb 28, 2020, 5:05:35 AM
to Datafari
Hi there!

We use Datafari 3.2.1 in our company. I've just added an SSL connector in Tomcat but it looks like the Datafari web interface tries to load some plain HTTP content.
It's obviously blocked by Firefox (and surely other browsers).

Two requests blocked:

The second request should be using the HTTPS scheme (8443 is an HTTPS port).

What can I do?
Thanks!

Cedric Ulmer

Feb 28, 2020, 5:41:22 AM
to Datafari
Hi Alexandre,

Thanks for using Datafari!

It is a normal security measure that Tomcat does not accept mixing http and https calls. This basically means that if you want to use https resources, you need to configure all the components of Datafari so that they are https enabled. It's a task that is quite time consuming, but you should end up succeeding since it is just a matter of configuration! If not, just for info, all the https configuration is managed and preconfigured by default in the Datafari Enterprise Edition.

Regards,

Cedric

Alex

Feb 28, 2020, 5:45:15 AM
to Datafari
Thanks for your fast response!
I've looked over your documentation but I can't find anything about configuring Datafari components for using https.
How can I do that?

Cedric Ulmer

Feb 28, 2020, 7:19:42 AM
to Datafari
Hi,

It is normal that you don't find documentation: although nothing prevents our community of users from creating this documentation and the corresponding configuration of the components, on our side we reserve our documentation (and configuration) to our Enterprise Edition users (yes, it's a way to convince people to buy a licence!).

Regards,

Cedric

Alex

Feb 28, 2020, 8:48:22 AM
to Datafari
Disappointing policy...
The scheme shouldn't be hardcoded, and documentation should be available for everyone. Especially for such a basic and important feature.
However, I totally understand that additional features are only available for enterprise edition users, SSL should not be a feature!


Cedric Ulmer

Feb 28, 2020, 10:12:08 AM
to Datafari

Hi Alexandre,

I think there is a misunderstanding. We have a profound respect for open source, and that is why we do NOT prevent in any way our Datafari CE users from configuring SSL on their systems. The decision we have made is not to share our own efforts on this aspect, as we considered that it is a good leverage to encourage people to acquire licences and further encourage us to contribute to our open source stack.

You are right to highlight that security is of importance, and this is why your own organisation should give you enough resources (your own time or a team or a dedicated budget) to properly configure Datafari in this regard.

About the schemes, can you detail which files contain the hardcoded URI schemes you are referring to? We may have missed some hardcoding in some places, and if it is the case we will create tickets to address these issues later on.

One more question: why don't you opt for the setup of an Apache up front, that would act as a reverse proxy between the https world and your http Datafari?

Alex

Feb 28, 2020, 10:32:02 AM
to Datafari
I haven't had time to do a deep search but in just a few seconds I found an issue in main.js:

    Manager = new AjaxFranceLabs.Manager({
        serverUrl: 'http://' + window.location.hostname
            + ':' + port + '/Datafari/SearchProxy/',
        constellio: false,
        connectionInfo: {
            autocomplete: {
                serverUrl: '',
                servlet: 'suggest',
                queryString: 'q='
            },
            spellcheck: {
                serverUrl: '',
                servlet: '',
                queryString: ''
            }
        }
    });

I've successfully configured my Tomcat to serve Datafari in HTTPS/8443, but like I said before, there is a hardcoded http scheme in the JavaScript...
Note that we use an old version.

Alex

Feb 28, 2020, 10:46:13 AM
to Datafari
I'm just a sysadmin but that seems to do the trick (serverUrl):

    Manager = new AjaxFranceLabs.Manager({
        serverUrl: window.location.protocol + 'SearchProxy/',
        constellio: false,
        connectionInfo: {
            autocomplete: {
                serverUrl: '',
                servlet: 'suggest',
                queryString: 'q='
            },
            spellcheck: {
                serverUrl: '',
                servlet: '',
                queryString: ''
            }
        }
    });

Do you think that this modification can cause issues ?
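
The serverUrl variants discussed in this thread, as an added example that is not part of any post or of Datafari's own code: each one is resolved against the page URL with the WHATWG `URL` class (as a browser does) and then checked for mixed content. The host, port and page paths are constructed sample values, the function names are hypothetical, and the mixed-content check is simplified to "https page requesting an http URL".

```javascript
// Added example. Host, port and page paths are constructed sample values.

// Simplified mixed-content test: an https page requesting an http URL.
// (Browsers apply further rules, e.g. for loopback hosts; not modelled here.)
function isMixedContent(pageUrl, requestUrl) {
  return new URL(pageUrl).protocol === 'https:' &&
         new URL(requestUrl, pageUrl).protocol === 'http:';
}

// Variant 1: hardcoded scheme, as in the old main.js quoted above.
function hardcodedUrl(pageUrl, port) {
  const loc = new URL(pageUrl);
  return 'http://' + loc.hostname + ':' + port + '/Datafari/SearchProxy/';
}

// Variant 2: window.location.protocol + 'SearchProxy/'.
// A string like "https:SearchProxy/" has no "//", so it is resolved as a
// path relative to the page that loaded the script.
function protocolPlusRelative(pageUrl) {
  const loc = new URL(pageUrl);
  return new URL(loc.protocol + 'SearchProxy/', pageUrl).href;
}

// Variant 3: build from the page origin (scheme + host + port) and an
// absolute path, so the result does not depend on the current page path.
function originBased(pageUrl) {
  return new URL('/Datafari/SearchProxy/', new URL(pageUrl).origin).href;
}

const pages = [
  'https://search.example.test:8443/Datafari/',
  'https://search.example.test:8443/Datafari/admin/index.jsp', // deeper page
];

function report() {
  return pages.map((page) => {
    const v1 = hardcodedUrl(page, 8443);
    const v2 = protocolPlusRelative(page);
    const v3 = originBased(page);
    return { page, v1, v1Mixed: isMixedContent(page, v1),
             v2, v2Mixed: isMixedContent(page, v2),
             v3, v3Mixed: isMixedContent(page, v3) };
  });
}

console.log(report());
```

Variant 2 avoids the mixed-content block, but its target changes with the path of the page that loads the script; variant 3 stays fixed.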



Cedric Ulmer

Feb 28, 2020, 11:06:16 AM
to Datafari
Hi, 

We'd rather recommend that you look at the latest version of the file main.js, and copy the concerned lines appropriately:


Regards,

Cedric

Cedric Ulmer

Mar 5, 2020, 6:07:15 AM
to Datafari
Hi Alex,

Is everything finally running fine for you?

Regards,

Cedric


Alex

Mar 5, 2020, 8:06:18 AM
to Datafari
Hi Cedric!

Yes, I replaced main.js with the version you provided.
Besides that, the only thing needed was the classic Tomcat connector configuration.

I still think that SSL should be standard and documented btw ;)

Regards.