Fix blocked http-request for version number on https site #773

Merged

Conversation

juhoinkinen
Member

@juhoinkinen juhoinkinen commented Feb 28, 2024

Displaying the version of Annif on the Web UI was added in PR #745, but it was not working when Annif was deployed on a site using https, e.g. https://dev.annif.org: the Firefox console showed the error

Blocked loading mixed active content “http:https://dev.annif.org/v1/”

and the displayed version string was empty.

This SO answer advises to add a metatag for "Content-Security-Policy: upgrade-insecure-requests". This "is intended for websites with large numbers of insecure legacy URLs that need to be rewritten", but I did not find another way to fix this, because the version number is queried from /v1 path, whatever the site domain is.

But now I started to wonder why the same error does not arise when querying projects from /v1/projects path, which is also a GET request...

Edit: Force pushed with a more proper way to fix this by fetching the version information from the URL /v1/ (with trailing slash), which was hinted at in some SO answers. It seemed that directly accessing https://dev.annif.org/v1 with a browser returned a 308 Permanent Redirect to https://dev.annif.org/v1/, so it seems the trailing slash "just makes this work", and this is related to the (root) path defined in the OpenAPI spec used for the version, which appends a slash to /v1.

@juhoinkinen juhoinkinen added this to the 1.1 milestone Feb 28, 2024
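The two fixes discussed in the description above (requesting `/v1/` directly, or the `upgrade-insecure-requests` policy) can be compared with a small model of how a browser applies the mixed-content check to every redirect hop. This is an added example, not code from Annif or from the pull request; the redirect table is constructed, and it assumes the 308 answer for the slash-less path carries an `http://` Location, as the blocked URL in the console error suggests.

```javascript
// Added example (not Annif code): a model of fetch() from a page, following
// redirects and applying the browser's mixed-content rule at every hop.
// ASSUMPTION: constructed redirect table; the http:// Location is what a
// backend behind a TLS-terminating proxy may emit for the slash-less path.
const REDIRECTS = {
  "https://dev.annif.org/v1": { status: 308, location: "http://dev.annif.org/v1/" },
};

// Returns { ok, finalUrl, hops, blockedAt } for a request made from pageUrl.
// opts.upgradeInsecure models "Content-Security-Policy: upgrade-insecure-requests".
function traceFetch(pageUrl, target, opts = {}) {
  const { redirects = REDIRECTS, upgradeInsecure = false, maxHops = 5 } = opts;
  const pageIsSecure = new URL(pageUrl).protocol === "https:";
  // With the policy set, http: request URLs are rewritten to https: first.
  const prepare = (raw) => {
    const u = new URL(raw);
    if (upgradeInsecure && u.protocol === "http:") u.protocol = "https:";
    return u.href;
  };
  let url = prepare(new URL(target, pageUrl).href); // resolves "/v1" and "/v1/"
  const hops = [url];
  for (let i = 0; i <= maxHops; i++) {
    // The check covers the initial URL and each redirect target alike.
    if (pageIsSecure && new URL(url).protocol === "http:") {
      return { ok: false, finalUrl: null, hops, blockedAt: url };
    }
    const r = redirects[url];
    if (!r) return { ok: true, finalUrl: url, hops, blockedAt: null };
    url = prepare(new URL(r.location, url).href); // Location may be relative
    hops.push(url);
  }
  return { ok: false, finalUrl: null, hops, blockedAt: null }; // too many hops
}

const PAGE = "https://dev.annif.org/";
console.log(traceFetch(PAGE, "/v1"));   // blocked at the http:// redirect hop
console.log(traceFetch(PAGE, "/v1/"));  // no redirect, nothing to block
console.log(traceFetch(PAGE, "/v1", { upgradeInsecure: true })); // hop upgraded
```

Requesting the canonical path avoids the redirect entirely, whereas the policy only masks an `http://` Location that the server still emits.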

codecov bot commented Feb 28, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 99.65%. Comparing base (1e182b2) to head (a81b01a).

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #773   +/-   ##
=======================================
  Coverage   99.65%   99.65%           
=======================================
  Files          89       89           
  Lines        6404     6404           
=======================================
  Hits         6382     6382           
  Misses         22       22           


@juhoinkinen juhoinkinen force-pushed the fix-blocked-http-request-for-version-on-https-site branch from a41d21e to a81b01a Compare February 28, 2024 08:53

sonarcloud bot commented Feb 28, 2024

Quality Gate passed

Issues
0 New issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code


@juhoinkinen juhoinkinen marked this pull request as ready for review February 28, 2024 09:16
@juhoinkinen juhoinkinen merged commit eba2b0c into main Feb 28, 2024
16 checks passed
@juhoinkinen juhoinkinen deleted the fix-blocked-http-request-for-version-on-https-site branch February 28, 2024 11:45