Hitachi Vantara Pentaho Community Forums
Results 1 to 6 of 6

Thread: cde-embed.js provides script urls with http instead of https

  1. #1
    Join Date
    Apr 2017
    Posts
    11

    Default cde-embed.js provides script urls with http instead of https

    Hi,

    Have set tomcat to serve SSL on :8443 and disabled 8080. All working fine except that calls to cde-embed.js returns javascript with urls for files that all start with HTTP instead of HTTPS and therefore flag unsafe script blocks.

    The fully qualified url and context path are also incorrect.

    I have set server.properties to: fully-qualified-server-url=https://pentaho.motiv.io:8443/pentaho/
    Running 7.0 community edition.

    Works fine if I replace cde-embed.js calls with my own local script with corrected content. Except there are some details included that look dynamic - i'm not sure if this will be a problem in the future?

  2. #2
    Join Date
    Sep 2015
    Posts
    12

    Default

    Hi,

    This is a bug in 7.0 that was fixed for the 7.1 release coming soon.http://jira.pentaho.com/browse/CDF-949.

  3. #3
    Join Date
    Apr 2017
    Posts
    11

    Default

    Great news, thanks.

  4. #4
    Join Date
    May 2017
    Posts
    2

    Default

    I just spent the last several hours upgrading to 7.1 because I've been suffering from this bug since the 1st day, and it prevent us to deploy and integrate reports and dashboards into our web application.

    Well, the bug still happens to me. Exactly the same behaviour. Exactly the same console errors. You take a look at the generated cde-embed.js and it still says that SERVER_PROTOCOL is 'http' and that FULL_QUALIFIED_URL is "http://www.wahtever.com:443/pentaho/", and all the injected documents (of course, still using the deprecated "document.write" method which, by itself, is causing a lot of errors) are using "http://" for their SRC, even though I properly set up the "full qualified name" at system/server.properties.

    I cannot even find a proper "release notes" document for this new version. I'd like to read which bugs have been resolved, if any...

  5. #5
    Join Date
    Apr 2017
    Posts
    11

    Default

    Concur - have just gone through the upgrade to 7.1 and still have exactly the same issue, well now couple with a total failure of cross site scripting. Having to revert to 7.0

  6. #6
    Join Date
    Apr 2017
    Posts
    11

    Default

    Ok - so just went to the trouble of building the 7.1.0.2 release from source and the bug is still there. Unbelievable - its fixed in a current download of EE?

    Or am I just really missing something obvious?
    Last edited by ben-motiv; 07-04-2017 at 01:04 AM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Privacy Policy | Legal Notices | Safe Harbor Privacy Policy

Copyright © 2005 - 2019 Hitachi Vantara Corporation. All Rights Reserved.