ssossossossosso

Forums

Forums OroCRM OroCRM – HTML, JavaScript, CSS, Design Questions Cross-site Requests to orocrm.com – Are They Necessary?

This topic contains 9 replies, has 6 voices, and was last updated by  Rodolfo 1 year, 11 months ago.

Viewing 9 replies - 1 through 9 (of 9 total)
  • Author
    Replies
  • #22947

    Dima Soroka
    Keymaster

    Hi Tim

    We have this JS code in order to enable “Ask a question” form later on. It should not block page load and we’ll verify this issue.

    Thanks
    Dima

    #22948

    Alexandr Smaga
    Participant

    Hello @etoulas!

    We tried to reproduce this issue, but we could not.
    Could you please give us more details ?

    I tried to setup ipfw on my mac that blocks all requests to crm.orocrm.com.
    And it works as it should, page was not blocked and after timeout which equals 2 secs, I’ve seen reported error in JS console.
    The same behavior if embedded script is not accessible due to slow connection.

    #22949

    Rodolfo
    Participant

    ‘http://crm.orocrm.com/bundles/orocrmrequest/js/embed.form.js’.
    This request has been blocked; the content must be served over HTTPS.

    Any update about this?

    #22950

    Dima Soroka
    Keymaster

    Hi @Rodolfo

    It must be over HTTPS, do you have a case when it is not?

    #22951

    Rodolfo
    Participant

    Hi Dima @soroka

    For some reason, it doesn’t translate this: https://github.com/orocrm/platform/blob/master/src/Oro/Bundle/PlatformBundle/Resources/views/have_request.html.twig#L7 to https

    Not sure if I’m missing some config or if it’s indeed an issue.

    #22952

    Ivan Klymenko
    Keymaster

    Thanks Rodolfo! We will check it.

    #22953

    Rodolfo
    Participant

    Thanks Ivan,

    Just a heads up, I found another problem that occurs when we click on “Configure Integration”:

    Channel -> Create Channel -> Select: Magento -> “Configure Integration” (To open to modal window)

    Mixed Content: The page at ‘https://ACME/channel/create’ was loaded over a secure connection, but contains a form which targets an insecure endpoint ‘http://ACME/channel/integration/create/magento/test?_wid=XXXXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXX&_widgetContainer=dialog’. This endpoint should be made available over a secure connection.

    #22954

    Dmitry Shikalenko
    Participant

    Hi @Rodolfo

    I tried to reproduce your issue but I couldn’t. I checked older versions till 1.6 as well. Moreover the AJAX request that leads to error is sent with relative path so having different schema there looks quite strange.

    Could you provide more information about your conditions? For instance OS, browser, any extra pluging or software that have chance to impact on this functionality

    Thanks

    #22955

    Rodolfo
    Participant

    Thank you very much for your effort @dshykalenko
    I’m forcing any http to go over https. These are my actual configuration:

    nginx

    app/config/routing.yml

Viewing 9 replies - 1 through 9 (of 9 total)

You must be logged in to reply to this topic.