Uploaded image for project: 'Infrastructure'
  1. Infrastructure
  2. INFRA-2643

Artifactory is serving mixed content from https/http

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Trivial
    • Resolution: Unresolved
    • Component/s: jenkins.io
    • Labels:
      None
    • Similar Issues:

      Description

      While logging back after all the password expirations, I noticed that my browser (chrome) is reporting the Artifactory home page not be secured.

       

      Seems to be caused by the mixed content due to the Jenkins logo that is specified in the instance, pointing to http://www.jenkins.io/sites/default/files/jenkins_logo.png and not to https://www.jenkins.io/sites/default/files/jenkins_logo.png

       

        Attachments

          Activity

          vlatombe Vincent Latombe created issue -
          Hide
          danielbeck Daniel Beck added a comment -

          Weird, I just checked and Artifactory specifies an HTTPS URL in its configuration, and I get HTTPS served when I check the DOM. Could you confirm this is resolved?

          Show
          danielbeck Daniel Beck added a comment - Weird, I just checked and Artifactory specifies an HTTPS URL in its configuration, and I get HTTPS served when I check the DOM. Could you confirm this is resolved?
          Hide
          vlatombe Vincent Latombe added a comment - - edited

          It's not. Actually, I don't think it is Artifactory itself, but only the Jenkins logo (that must be configured somewhere in Artifactory).

          The DOM is correct because the http URL actually redirects to https, but the browser still produces a warning.

          Show
          vlatombe Vincent Latombe added a comment - - edited It's not. Actually, I don't think it is Artifactory itself, but only the Jenkins logo (that must be configured somewhere in Artifactory). The DOM is correct because the http URL actually redirects to https, but the browser still produces a warning.
          danielbeck Daniel Beck made changes -
          Field Original Value New Value
          Component/s jenkins.io [ 23954 ]
          Component/s artifactory [ 18923 ]
          Hide
          danielbeck Daniel Beck added a comment -

          I've resolved the issue on the side of Artifactory by including the final URL, but will leave this open for jenkins.io.

          Show
          danielbeck Daniel Beck added a comment - I've resolved the issue on the side of Artifactory by including the final URL, but will leave this open for jenkins.io.
          danielbeck Daniel Beck made changes -
          Comment [ Actually a bug on jenkins.io:
          {noformat}
          $ curl -IL https://jenkins.io/sites/default/files/jenkins_logo.png
          HTTP/2 301
          server: nginx/1.17.10
          date: Tue, 16 Jun 2020 11:56:48 GMT
          content-type: text/html
          content-length: 170
          location: http://www.jenkins.io/sites/default/files/jenkins_logo.png

          HTTP/1.1 301 Moved Permanently
          Server: Varnish
          Retry-After: 0
          Location: https://www.jenkins.io/sites/default/files/jenkins_logo.png
          Content-Length: 0
          Accept-Ranges: bytes
          Date: Tue, 16 Jun 2020 11:56:48 GMT
          Via: 1.1 varnish
          Connection: close
          X-Served-By: cache-hhn4035-HHN
          X-Cache: HIT
          X-Cache-Hits: 0
          X-Timer: S1592308609.552677,VS0,VE0
          Strict-Transport-Security: max-age=300

          HTTP/2 200
          server: nginx/1.17.10
          content-type: image/png
          last-modified: Fri, 29 Sep 2017 08:11:58 GMT
          etag: "59ce004e-3397"
          expires: Thu, 04 Jun 2020 23:44:54 GMT
          cache-control: max-age=172800, public
          accept-ranges: bytes
          date: Tue, 16 Jun 2020 11:56:48 GMT
          via: 1.1 varnish
          age: 128411
          x-served-by: cache-hhn4033-HHN
          x-cache: HIT
          x-cache-hits: 1
          x-timer: S1592308609.631532,VS0,VE1
          strict-transport-security: max-age=300
          content-length: 13207 {noformat} ]
          Hide
          vlatombe Vincent Latombe added a comment -

          Nice, thank you!

          Show
          vlatombe Vincent Latombe added a comment - Nice, thank you!

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            vlatombe Vincent Latombe
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated: