Posted by buzzdecafe on November 7, 2007 at 4:34pm
5 followers
Jump to:
| Project: | Secure Pages |
| Version: | 7.x-1.x-dev |
| Component: | Miscellaneous |
| Category: | bug report |
| Priority: | minor |
| Assigned: | Unassigned |
| Status: | active |
Issue Summary
Observed this error when attempting to use the ajax interface to add content to a flexible panel: A javascript alert box pops up saying "An error occurred" then refuses to let me add anything to the panes. See attached "error.png"
The indispensable Firebug extension gives some more detail on what is happening:
uncaught exception: Security Error: Content at http://myhost/admin/panels/panel-page/home_panel/edit/content may not load data from http://myhost/panels/ajax/add-content/1/row_2_2.
This is apparently a conflict with Secure Pages, which I have configured to use https for everything under admin*.
Workaround: Added "panels/ajax*" to the list of paths that Secure Pages runs through SSL, et voila, I can add stuff to panes.
| Attachment | Size |
|---|---|
| error.png | 22.82 KB |
Comments
#1
Make sure that in the setting page for secure pages the ignore pages contains "*/ajax/*"
This will make sure that the link is not redirected from http to https or vice versa.
#2
Automatically closed -- issue fixed for two weeks with no activity.
#3
It would be nice to add this into secure pages by default. Is there a way to transfer this over to the secure pages queue without adding a new tickets?
#4
Yes, by updating the "Project" settings. Passing it over there now.
Please stop abusing the tags, and read the relevant instructions.
Please also remember to update the issue settings for the issue to whatever is relevant for you.
#5
Apologies for the abuse. I believe this is the first time I used the tags because it thought it might be more helpful to alert the secure pages folks.
Thanks for the help in accomplishing the goal.
#6
#7
*/ajax/* was removed from the defaults when #1258200: Ignore requests with X-Requested-With:XMLHttpRequest landed.
#8
So is it a security risk to use */ajax/*?
I had to add this in as ubercart was not playing nice without it.
#9
No, it's not a security risk, but I'd like to understand why the XMLHttpRequest check isn't catching it. Can you see if the header is either not sent, or not detected?
#10
Seems like this was fixed in the later versions of ubercart. No more issues on my production, dev, or local sites.
#11
Nope. It's not working again with ubercart.
To recreate, simply go to checkout and then click the "My billing information is the same as my delivery information." You'll get a 503 error
An AJAX HTTP error occurred.
HTTP Result Code: 503
Debugging information follows.
Path: /system/ajax
StatusText: error
ResponseText:
#12
503 errors generally leave an entry in your apache error_log, can you post the error message here? Thanks.