ClearOS Bug Tracker


ID: 0001822
Project: ClearOS
Category: app-zarafa-community - Zarafa
View Status: public
Date Submitted: 2014-06-25 16:39
Last Update: 2014-06-26 09:52
Reporter: marclaporte
Assigned To:
Priority: normal
Severity: minor
Reproducibility: always
Status: confirmed
Resolution: open
Platform:
OS:
OS Version:
Product Version:
Target Version:
Fixed in Version:
Summary: 0001822: Zarafa: force https use for all data & related security enhancements
Description:
1- Zarafa webapp and webaccess should not be accessible in http, but only in https
visiting http://example.org/webapp/ or http://example.org/webaccess/ should redirect to https

RequireSSL & php_flag session.cookie_secure and some other great tips here:
https://community.zarafa.com/pg/blog/read/16779/securing-webapp


2- It should be possible to deactivate any calls to different domains.

On https://example.org/webapp/, Firefox reports "Firefox has blocked content that isn't secure" as per https://support.mozilla.org/en-US/kb/how-does-content-isnt-secure-affect-my-safety

Ex.: When clicking on "Feedback?", a script from http://jira.zarafa.com/ is loaded.
http://www.zarafa.com/content/zarafa-privacy-policy#webapp-feedback
https://community.zarafa.com/pg/blog/read/15005/webapp-the-feedback-plugin
a) There should be an option in https://example.org:81/app/zarafa_community to turn it off
b) It should be in https instead of http


Related: http://tracker.clearfoundation.com/view.php?id=995
Tags: No tags attached.
Attached Files
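
An added example, not part of the original report and not ClearOS or Zarafa code: a small Python check that a tester could run over captured responses to verify both requests in the issue (https redirect and Secure cookies for item 1, http or off-domain resources for item 2). The response dicts, the cookie name SESSIONID and the script path placeholder.js are constructed sample data.

```python
import re
from urllib.parse import urlsplit

RESOURCE_RE = re.compile(
    r'<(script|link|img|iframe)\b[^>]*?\b(?:src|href)\s*=\s*["\']([^"\']+)', re.I)

def audit(http_resp, https_resp, host):
    """Return findings for two captured responses.
    Each response: {"status": int, "headers": [(name, value)], "body": str}."""
    findings = []
    # Item 1: the plain-http URL must redirect to https on the same host.
    loc = next((v for k, v in http_resp["headers"] if k.lower() == "location"), "")
    target = urlsplit(loc)
    if (http_resp["status"] not in (301, 302, 307, 308)
            or target.scheme != "https" or target.hostname != host):
        findings.append("http request not redirected to https")
    # Item 1: cookies set by the https page must carry the Secure attribute
    # (what php_flag session.cookie_secure enables for the PHP session cookie).
    for k, v in https_resp["headers"]:
        if k.lower() == "set-cookie":
            attrs = [a.strip().lower() for a in v.split(";")[1:]]
            if "secure" not in attrs:
                findings.append("cookie without Secure: " + v.split("=", 1)[0])
    # Item 2: resources loaded over http (mixed content) or from another domain.
    for tag, url in RESOURCE_RE.findall(https_resp["body"]):
        u = urlsplit(url)
        if u.scheme == "http":
            findings.append("mixed content: <%s> %s" % (tag.lower(), url))
        elif u.hostname and u.hostname != host:
            findings.append("third-party host: <%s> %s" % (tag.lower(), url))
    return findings

# Constructed sample: the behaviour the issue describes (no redirect,
# session cookie without Secure, feedback script fetched over http).
SAMPLE_HTTP = {"status": 200, "headers": [("Content-Type", "text/html")], "body": ""}
SAMPLE_HTTPS = {
    "status": 200,
    "headers": [("Set-Cookie", "SESSIONID=abc123; path=/webapp; HttpOnly")],
    "body": '<script src="/webapp/client/app.js"></script>\n'
            '<script src="http://jira.zarafa.com/placeholder.js"></script>',
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_HTTP, SAMPLE_HTTPS, "example.org"):
        print(finding)
```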

- Relationships

-  Notes
There are no notes attached to this issue.

- Issue History
Date Modified Username Field Change
2014-06-25 16:39 marclaporte New Issue
2014-06-26 09:52 user2 Status new => confirmed