Details
- Bug
- Status: Closed
- Normal
- Resolution: Won't Fix
- 5.1.0
- None
- None
- 0.5
- Tiger
- Tiger Sprint 163, Tiger Sprint 164, Tiger Sprint 165
Description
When using Firefox, it seems the source maps are retrieved without setting the header fields required to authenticate with the CMS (e.g. no session). Note this is in the CMS log, not the browser JavaScript console.
Steps to reproduce
1) Start the Hippo CMS. Reproduced with hap community
2) Start Firefox (tried with Firefox 54.0.1)
3) Login
4) Open the Firefox debugger
Expected: no warnings, webpack files show in the debugger
Actual:
On the CMS console (console showing the Tomcat output) three warnings are shown. No webpack files.
[INFO] [talledLocalContainer] 22:50:47 WARN An attempt to access a protected resource at /hippo-cm/manifest-495e148f9c694c8a3d78.js.map was disallowed.
[INFO] [talledLocalContainer] 22:50:48 WARN An attempt to access a protected resource at /hippo-cm/vendor-bee0418dcebca3792569.js.map was disallowed.
[INFO] [talledLocalContainer] 22:50:48 WARN An attempt to access a protected resource at /hippo-cm/app-a9a18e87d57f29a89691.js.map was disallowed.
When looking at the audit log, indeed a 404 is returned:
"GET /cms/angular/hippo-cm/app-402c87c25d45aefff3da.js.map HTTP/1.1" 404 1055
When rebuilding with the unsecure servlet (org.onehippo.cms7.utilities.servlet.ResourceServlet) defined in the CMS web.xml, the files do show up in the Firefox debugger.
In Chrome the map is returned properly.
A quick search does not turn up much info, but this seems intentional in Firefox to not leak information, so it might not be fixable other than by putting the maps outside the protected resources.
Issue Links
- is a result of: CMS-10733 ResourceServlet should authenticate (Closed)
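Since the issue was closed as Won't Fix, these warnings will keep appearing whenever someone opens the Firefox debugger. The triage sketch below is an added example, not code from the report or from the Hippo project: it separates webpack source-map denials from any other protected-resource denial in the console output, assuming the warning format quoted above (the last sample line and its path are constructed).

```python
import re
from collections import Counter

# Warning format as quoted in the report's Tomcat console output.
DENIED = re.compile(
    r"(?P<time>\d{2}:\d{2}:\d{2}) WARN An attempt to access a protected "
    r"resource at (?P<path>\S+) was disallowed\."
)
# webpack output name as seen in the report: <bundle>-<content hash>.js.map
SOURCE_MAP = re.compile(r"/(?P<bundle>[\w.]+)-[0-9a-f]{8,}\.js\.map$")

# First three lines are from the report; the fourth is constructed for contrast.
SAMPLE_LOG = """\
[INFO] [talledLocalContainer] 22:50:47 WARN An attempt to access a protected resource at /hippo-cm/manifest-495e148f9c694c8a3d78.js.map was disallowed.
[INFO] [talledLocalContainer] 22:50:48 WARN An attempt to access a protected resource at /hippo-cm/vendor-bee0418dcebca3792569.js.map was disallowed.
[INFO] [talledLocalContainer] 22:50:48 WARN An attempt to access a protected resource at /hippo-cm/app-a9a18e87d57f29a89691.js.map was disallowed.
[INFO] [talledLocalContainer] 22:51:02 WARN An attempt to access a protected resource at /hippo-cm/settings.json was disallowed.
"""


def triage(log_text):
    """Split denial warnings into source-map fetches and everything else.

    Returns (Counter of denied source maps per bundle name,
             list of (time, path) for denials that are not source maps).
    """
    source_maps, other = Counter(), []
    for line in log_text.splitlines():
        denied = DENIED.search(line)
        if not denied:
            continue  # not a protected-resource warning
        path = denied.group("path")
        source_map = SOURCE_MAP.search(path)
        if source_map:
            # Content hashes change per build, so group by bundle name.
            source_maps[source_map.group("bundle")] += 1
        else:
            other.append((denied.group("time"), path))
    return source_maps, other


if __name__ == "__main__":
    maps, rest = triage(SAMPLE_LOG)
    print("source-map denials (expected debugger noise):", dict(maps))
    print("other denials (worth reviewing):", rest)
```

Denials that land in the second list are not explained by the debugger behaviour described in this issue and are the ones to look at.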