Univention Bugzilla – Bug 43054
unsecure remote resource loading in css
Last modified: 2016-12-01 16:27:15 CET
Created attachment 8243 [details] Patchfile for the umc.css In file /usr/share/univention-management-console-frontend/js/dijit/themes/umc/umc.css line 10692 there is a css backround attribute which loads an image from demo.univention.de which is used for statistics. Unfortunately this image is loaded via http instead https so it will break the secure context of the website. Attached there is a Patchfile to correct that behavior in a productive environment.
I already created a bug for this somewhen but can't find it. It is wrong that we use demo.univention.de at all. The image should be the local file. It was a typo during development svn r68703 / Bug #38622.
r74836: Use local resource for mobile menu background image Package: univention-management-console-frontend-theme Version: 1.0.4-9.119.201611301539 Branch: ucs_4.1-0 Scope: errata4.1-4 r74838: yaml
Please merge to UCS 4.2. The package changed to univention-web.
(In reply to Florian Best from comment #3) > Please merge to UCS 4.2. > The package changed to univention-web. r74841
(In reply to Florian Best from comment #1) > I already created a bug for this somewhen but can't find it. It is wrong > that we use demo.univention.de at all. The image should be the local file. > It was a typo during development svn r68703 / Bug #38622. Ahh, I already fixed this in UCS 4.2 during Bug #42228 in svn r72272.
(In reply to Florian Best from comment #5) > (In reply to Florian Best from comment #1) > > I already created a bug for this somewhen but can't find it. It is wrong > > that we use demo.univention.de at all. The image should be the local file. > > It was a typo during development svn r68703 / Bug #38622. > > Ahh, I already fixed this in UCS 4.2 during Bug #42228 in svn r72272. For UCS 4.2: All other images use relative url (at least in this file). This one is now relative, too. r74842: Better changelog entry
Change: OK. YAML file: OK. Merge to 4.2-0: OK → VERIFIED
<http://errata.software-univention.de/ucs/4.1/350.html>