search

karakun / OpenWebStart

Run Web Start based applications after the release of Java 11
https://openwebstart.com
Other
417 stars 48 forks source link

Unexpected switch to HTTPS #573

Open Horcrux7 opened 6 months ago

Horcrux7 commented 6 months ago

I start the JNLP application with the URL: jnlp://localhost/jnlp/designer?instance=SESSIONID80%3Dnode09qg5z107jsb68fekayxyfbv00

But OpenWebStart switch to HTTPS starting with the follow logline:

Candidate URLs for [l=http://localhost/jnlp/designer?instance=SESSIONID80%3Dnode09qg5z107jsb68fekayxyfbv00 v=null s=I]: [https://localhost/jnlp/designer?instance=SESSIONID80%3Dnode09qg5z107jsb68fekayxyfbv00, http://localhost/jnlp/designer?instance=SESSIONID80%3Dnode09qg5z107jsb68fekayxyfbv00]

On the HTTPS port the service is also running but the certificate does not match to localhost. That I have start it on HTTP (without S).

There is also no warranty that a service that run on another port is the same. If we want start via HTTPS then we use the protocol jnlps:. Why OpenWebStart is doing this? the certificate is wrong? How can we prevent it?

If OpenWebStart download the the JNLP file via HTTPS then the codebase use also HTTPS which is wrong.

FelixJongleur42 commented 6 months ago

Did you try the setting “do not favor https requests” ? Try to check this setting.

https://openwebstart.com/docs/OWSGuide.html#_security_settings

FelixJongleur42 commented 6 months ago

If OpenWebStart download the the JNLP file via HTTPS then the codebase use also HTTPS which is wrong.

that may rather be a problem on the server side which renders the JNLP file.

Horcrux7 commented 6 months ago

Did you try the setting “do not favor https requests” ? Try to check this setting.

This option solve the problem for me. But I think you should cancel the switch to HTTPS if the certificate is not valid. If the user starts with localhost there are many cause why the certificate can be wrong.

If OpenWebStart download the the JNLP file via HTTPS then the codebase use also HTTPS which is wrong.

that may rather be a problem on the server side which renders the JNLP file.

Why you think this is a server problem. If the client starts with HTTP then it continue with HTTP. The user will have causes because do it. If the client starts with HTTPS then the server continue with HTTPS.