0001822: Zarafa: force https use for all data & related security enhancements

ClearFoundation Tracker - ClearOS
View Issue Details

ID	Project	Category	View Status	Date Submitted	Last Update
0001822	ClearOS	app-zarafa-community - Zarafa	public	2014-06-25 16:39	2020-09-03 03:09

Reporter	marclaporte
Assigned To
Priority	normal	Severity	minor	Reproducibility	always
Status	closed	Resolution	won't fix
Platform		OS		OS Version
Product Version
Target Version		Fixed in Version

Summary	0001822: Zarafa: force https use for all data & related security enhancements
Description	1- Zarafa webapp and webaccess should not be accessible in http, but only in https visiting http://example.org/webapp/ [^] or http://example.org/webaccess/ [^] should redirect to https RequireSSL & php_flag session.cookie_secure and some other great tips here: https://community.zarafa.com/pg/blog/read/16779/securing-webapp [^] 2- It should be possible to deactivate any calls to different domains. On https://example.org/webapp/, [^] Firefox reports "Firefox has blocked content that isn't secure" as per https://support.mozilla.org/en-US/kb/how-does-content-isnt-secure-affect-my-safety [^] Ex.: When clicking on "Feedback?", a script from http://jira.zarafa.com/ [^] is loaded. http://www.zarafa.com/content/zarafa-privacy-policy#webapp-feedback [^] https://community.zarafa.com/pg/blog/read/15005/webapp-the-feedback-plugin [^] a) There should be an option in https://example.org:81/app/zarafa_community [^] to turn it off b) It should be in https instead of http Related: http://tracker.clearfoundation.com/view.php?id=995 [^]
Steps To Reproduce
Additional Information
Tags	No tags attached.
Relationships
Attached Files

Issue History
Date Modified	Username	Field	Change
2014-06-25 16:39	marclaporte	New Issue
2014-06-26 09:52	user2	Status	new => confirmed
2020-09-03 03:09	NickH	Note Added: 0014531
2020-09-03 03:09	NickH	Status	confirmed => closed
2020-09-03 03:09	NickH	Resolution	open => won't fix

Notes