[Building Sakai] Chrome 30 and HTTP

Joshua Swink joshua.swink at gmail.com
Thu Oct 10 14:05:17 PDT 2013 

Correct, it doesn't involve any configuration in the load balancer. We are
using a BIG-IP F5 load balancer which does HTTPS. We have not added any URL
or header rewriting rules to it.

The Tomcats are using HTTP connectors, non-encrypted, with the proxyPort,
scheme, and secure attributes set in the connector.

I'd be interested in the result of setting the proxyPort, scheme, and
secure attributes in the AJP connector.

Josh


On Thu, Oct 10, 2013 at 1:00 PM, Niebel, William (wdn5e) <
wdn5e at eservices.virginia.edu> wrote:

>  Josh-
>     As I understand this, your server-only fix doesn't involve changing
> the load-balancer config.  Are you running Tomcat standalone or do you have
> Apache in front of it?  (We have Apache in front of Tomcat, and so our
> Tomcat has AJP but not an HTTP connector to configure as you give
> instructions for.)  So we're thinking this through and trying to understand
> if there's an AJP equivalent on Tomcat or an Apache config equivalent,
> essentially doing your fix adapted to our configuration.  Any thoughts.
>
>     I'll list below what's now broken for our Sakai 2.9.1 for Chrome 30.
>
> *Items that are currently not working on production when using Chrome:*
> *Announcements:* Permissions button
> *Assignments:* Permissions button, Add > Add Attachments button
> *Chat:* Nothing displays
> *D&PM:* Manage button, Mark all as Read button
> *Dropbox:* All options in the Add menu
> *Gradebook:* Nothing displays
> *i>Clicker:* Nothing displays
> *In General:* Reset button
> *Kaltura Media Gallery:* Nothing displays
> *Messages:* Permissions button
> *My Workspace:* My Courses and Profile don't display
> *Polls:* Permissions button
> *Resources:* All options in the Add menu, Permissions button
> *Schedule:* Permissions button, Add > Add Attachments button
> *Sign Up:* Add > Add Attachments button.
> *Site Email:* Permissions button
> *Site Info:* Page Order, Add Participants, Manage Groups, Link to Parent
> Site, and External Tools buttons
> *Syllabus:* Add > Add Attachments button
> *UVaCollab Homepage:* Order Textbooks link
> *Web Content:* Nothing displays
> *WordPress:* Nothing displays
>
> -Bill
>
>  ------------------------------
> *From:* Joshua Swink [joshua.swink at gmail.com]
> *Sent:* Thursday, October 10, 2013 2:15 PM
> *To:* Niebel, William (wdn5e)
> *Cc:* sakai-dev at collab.sakaiproject.org;
> sakai-user-request at collab.sakaiproject.org
> *Subject:* Re: [Building Sakai] Chrome 30 and HTTP
>
>   Do you have an example of this problem occurring in a standard Sakai
> tool? Because I'd like to test it against our setup but I don't have CARET
> installed.
>
> Josh
>
>
> On Wed, Oct 9, 2013 at 9:28 AM, Niebel, William (wdn5e) <
> wdn5e at eservices.virginia.edu> wrote:
>
>> Hi, Matt.
>>      We're working on this problem also at the University of Virginia.
>>
>>      You said "A number of responders in Sakai-dev mentioned a few
>> solutions that have been successful."  This makes me think I might be
>> missing something in this thread so far.
>>
>>      Running SSL between load-balancer and Sakai server certainly counts
>> as one solution.  Am I missing any other solutions that have been
>> mentioned?  (I think in saying "a few", you weren't counting your own
>> solution of using front-end rewrite rules.)
>>
>>      Supplying either property, sakai.force.url.secure or
>> force.url.secure, is not a solution, because, at least with kernel 1.3.1
>> and Sakai 2.9.1, redirects aren't conditioned on either of those
>> properties.  (I know about how Sakai code mirrors one of these property's
>> value to the other.)
>>
>>      And Sakai redirects seem to be one cause of the Chrome 30 problem.
>>  We especially see that tools using CARET WebappToolServlet send redirects
>> which trigger Chrome's http/s block.  I think there are also instances
>> which don't involve that framework.
>>
>>      We prefer to fix the Sakai code so that it works with Chrome 30,
>> without running SSL between the load-balancer and Sakai server (as stated
>> in the thread), and without adding rewrite rules above/outside Sakai, that
>> is, rewrite rules in the load-balancer, webserver, or servlet container (as
>> you're doing).  But I don't want to waste time fixing the code if someone
>> else already has done it that way.
>>
>>      Anyway, it would help me to know if there are solutions already
>> which fix Sakai code to work behind an SSL load-balancer and non-SSL
>> (webserver and) servlet container.
>>
>> Thanks for your help.
>>      Bill
>>
>>
>> Bill Niebel
>> University of Virginia
>>  _______________________________________________
>> sakai-dev mailing list
>> sakai-dev at collab.sakaiproject.org
>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>>
>> TO UNSUBSCRIBE: send email to
>> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
>> "unsubscribe"
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20131010/7d3dacbc/attachment.html

More information about the sakai-dev mailing list