0001822: Zarafa: force https use for all data & related security enhancements - ClearFoundation Tracker

SYSTEM WARNING: 'file_get_contents(https://www.clearos.com/?rendertype=json&get=header): failed to open stream: Connection refused' in '/var/www/virtual/newwrapper/cf_topmenu.inc' line 5

ClearOS Bug Tracker

View Issue Details [ Jump to Notes ]

[ Issue History ] [ Print ]

ID

Project

Category

View Status

Date Submitted

Last Update

0001822

ClearOS

app-zarafa-community - Zarafa

public

2014-06-25 16:39

2020-09-03 03:09

Reporter

marclaporte

Assigned To

Priority

normal

Severity

minor

Reproducibility

always

Status

closed

Resolution

won't fix

Platform

OS

OS Version

Product Version

Target Version

Fixed in Version

Summary

0001822: Zarafa: force https use for all data & related security enhancements

Description

1- Zarafa webapp and webaccess should not be accessible in http, but only in https
visiting http://example.org/webapp/ [^] or http://example.org/webaccess/ [^] should redirect to https

RequireSSL & php_flag session.cookie_secure and some other great tips here:
https://community.zarafa.com/pg/blog/read/16779/securing-webapp [^]

2- It should be possible to deactivate any calls to different domains.

On https://example.org/webapp/, [^] Firefox reports "Firefox has blocked content that isn't secure" as per https://support.mozilla.org/en-US/kb/how-does-content-isnt-secure-affect-my-safety [^]

Ex.: When clicking on "Feedback?", a script from http://jira.zarafa.com/ [^] is loaded.
http://www.zarafa.com/content/zarafa-privacy-policy#webapp-feedback [^]
https://community.zarafa.com/pg/blog/read/15005/webapp-the-feedback-plugin [^]
a) There should be an option in https://example.org:81/app/zarafa_community [^] to turn it off
b) It should be in https instead of http

Related: http://tracker.clearfoundation.com/view.php?id=995 [^]

Tags

No tags attached.

Relationships

Notes
(0014531) NickH (developer) 2020-09-03 03:09	Zarafa issue and Zarafa is dead.

Issue History
Date Modified	Username	Field	Change
2014-06-25 16:39	marclaporte	New Issue
2014-06-26 09:52	user2	Status	new => confirmed
2020-09-03 03:09	NickH	Note Added: 0014531
2020-09-03 03:09	NickH	Status	confirmed => closed
2020-09-03 03:09	NickH	Resolution	open => won't fix

SYSTEM WARNING: 'file_get_contents(https://www.clearos.com/?rendertype=json&get=footer): failed to open stream: Connection refused' in '/var/www/virtual/newwrapper/cf_footer.inc' line 7

Copyright © 2009- ClearCenter Ltd.