Open mgiannoni opened 1 year ago
Marc, I had a similar issue, Yannick Lizzi told me to add in /etc/httpd/conf/httpd.conf

```
# HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
Header always set Strict-Transport-Security "max-age=63072000"
```
Could you test it? Yves.
Yves:
This appears to fix the problem using browser side support for enforcing HTTPs transport security.
However the issue in the code remains where HTTP 302 redirects set the "Location" header to plain old "http://
Yves:
Yes this fixes the problem. The GeoNetwork code still does the wrong thing when forming the HTTP 302 redirect by setting the "Location:" header to plain "http://" port:80
Thanks! Marc Giannoni Unix System Engineer, Guidehouse Phone: 301.427.9478 Cell: 301.915.5266
On Thu, Feb 9, 2023 at 10:38 AM yvesgoupil @.***> wrote:

> Marc, I had a similar issue, Yannick Lizzi told me to add in /etc/httpd/conf/httpd.conf
>
> HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
> Header always set Strict-Transport-Security "max-age=63072000"
>
> Could you test it? Yves.
Marc: Perfect, this issue could be closed. I set the labels to "Close me".
Yves.
Full HTTPs port 443 implementation still redirects to HTTP port 80
Apache Frontend Configured For HTTPs
Implemented Apache frontend using IG-OpenWIS-3.16 Installation Guide
Security Service Circle of Trust configured for HTTPs
Servers & Sites Settings
Portal Federation Services Configured For HTTPs
Portal SAML2 Fedlet
OpenAM IDP Services
OpenAM SP openwis-admin-portal Services
Apache Frontend Logging Still Showing HTTP port 89
Source Code Bread-Crumbs
This function constructs a URL without any consideration of the HTTP/HTTPs protocol.
./openwis-metadataportal/openwis-portal/src/main/java/org/fao/geonet/kernel/DataManager.java
```java
//---------------------------------------------------------------------------
public String getSiteURL() {
    String host = settingMan.getValue("system/server/host");
    String port = settingMan.getValue("system/server/port");
    String locServ = baseURL + "/" + Jeeves.Prefix.SERVICE + "/en";
    return "http://" + host + (port.equals("80") ? "" : ":" + port) + locServ;
}
//--------------------------------------------------------------------------
```
This appears to be used in several locations:
```
find . -name *.java -exec grep -i getSiteURL {} \; -print | egrep 'java$'
./openwis-metadataportal/openwis-portal/src/main/java/org/fao/geonet/guiservices/util/GetSiteURL.java
./openwis-metadataportal/openwis-portal/src/main/java/org/fao/geonet/kernel/DataManager.java
./openwis-metadataportal/openwis-portal/src/main/java/org/fao/geonet/kernel/harvest/harvester/fragment/FragmentHarvester.java
./openwis-metadataportal/openwis-portal/src/main/java/org/fao/geonet/kernel/harvest/harvester/metadatafragments/Harvester.java
./openwis-metadataportal/openwis-portal/src/main/java/org/fao/geonet/kernel/harvest/harvester/thredds/Harvester.java
./openwis-metadataportal/openwis-portal/src/main/java/org/fao/geonet/kernel/oaipmh/Lib.java
./openwis-metadataportal/openwis-portal/src/main/java/org/fao/geonet/kernel/oaipmh/OaiPmhDispatcher.java
./openwis-metadataportal/openwis-portal/src/main/java/org/fao/geonet/kernel/oaipmh/services/Identify.java
./openwis-metadataportal/openwis-portal/src/main/java/org/fao/geonet/kernel/setting/SettingInfo.java
./openwis-metadataportal/openwis-portal/src/main/java/org/fao/geonet/services/metadata/PrepareFileDownload.java
./openwis-metadataportal/openwis-portal/src/main/java/org/fao/geonet/services/register/SelfRegister.java
./openwis-metadataportal/openwis-portal/src/main/java/org/openwis/metadataportal/kernel/metadata/MetadataManager.java
./openwis-metadataportal/openwis-portal/src/main/java/org/openwis/metadataportal/services/register/SelfRegister.java
```
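A scheme-aware counterpart of the `getSiteURL()` logic quoted above, as an added example that is not part of the original issue or of the OpenWIS/GeoNetwork code base. The class name `SiteUrlBuilder`, the explicit `protocol` argument and the sample host and path values are assumptions made for illustration.

```java
import java.util.Locale;

/** Added example: scheme-aware counterpart of getSiteURL(); all names are hypothetical. */
public final class SiteUrlBuilder {

    private SiteUrlBuilder() {}

    /**
     * Builds the site URL from an explicitly supplied protocol instead of a
     * hard-coded "http://". The protocol argument is an assumption: the code
     * quoted in the issue reads only host and port from its settings.
     */
    public static String build(String protocol, String host, String port,
                               String baseURL, String servicePrefix) {
        String scheme = protocol == null ? "" : protocol.trim().toLowerCase(Locale.ROOT);
        if (!scheme.equals("http") && !scheme.equals("https")) {
            throw new IllegalArgumentException("unsupported protocol: " + protocol);
        }
        if (host == null || host.trim().isEmpty()) {
            throw new IllegalArgumentException("host must not be empty");
        }
        int defaultPort = scheme.equals("https") ? 443 : 80;
        // An empty port setting falls back to the default for the scheme.
        int portNumber = (port == null || port.trim().isEmpty())
                ? defaultPort
                : Integer.parseInt(port.trim());
        if (portNumber < 1 || portNumber > 65535) {
            throw new IllegalArgumentException("port out of range: " + port);
        }
        // Omit the port only when it is the default for the chosen scheme, so a
        // port of 443 gives "https://host/..." rather than "http://host:443/...".
        String portPart = portNumber == defaultPort ? "" : ":" + portNumber;
        String locServ = baseURL + "/" + servicePrefix + "/en";
        return scheme + "://" + host.trim() + portPart + locServ;
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the issue.
        String base = "/openwis-portal";
        String prefix = "srv";
        System.out.println(build("https", "portal.example.org", "443", base, prefix));
        System.out.println(build("https", "portal.example.org", "8443", base, prefix));
        System.out.println(build("http", "portal.example.org", "80", base, prefix));
    }
}
```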