JS API v3 - Incorrect https to http routing
Completed
When integrating Yellowfin using the JS API, we had a problem with https being directed to http, generating a "strict-origin-when-cross-origin" block by the browser.
How to simulate:
In the HTML below we can see that it has a JavaScript tag that will download the code necessary to render the dashboard. When I added the URL, I specified the https protocol: "https://<<my-domain>>/JsAPI/v3?dashUUID=<<uuid>>&token=<<token>>".
<html>
  <body>
    <script src="https://<<my-domain>>/JsAPI/v3?dashUUID=<<uuid>>&token=<<token>>&&showToolbar=true"></script>
  </body>
</html>
When the browser downloads the JavaScript, inside its body it has a variable called "apiURL" where the generated URL has "http" instead of "https". This URL is generated by Yellowfin, and as I am running Yellowfin in "HTTPS" it is expected that the URL dynamically generated by it will also be HTTPS.
Hi Geisson,
Thanks for contacting Yellowfin with your question.
Can I ask you to confirm that you've set your external base URL and the allowed origins domains in Yellowfin, via the Admin Console -> Configuration -> General Settings?
Kind regards,
Chris
Yes, both configurations were made by changing the external url to "https://<my-domain>" and adding the allowed origins to "https://<<my-site>>".
Hi Geisson,
Thanks for coming back to me.
Please could you send over a screenshot similar to the one I've created just so I can see what you've got.
Please could you also send a screenshot of the link embed screen that is generated when you browse to a report, click on share and then click embed:
If that also has HTTPS in it then it should be working but if not then that gives us other avenues to explore.
Thanks!
Kind regards,
Chris
Here is the image with the settings
Below is the example image of the embed link
As you can see, the embed link is correct. The problem is when this link is executed. As this is a script, when called it returns code, and within the code returned by this link there is an invalid http link, as shown in the next image.
Hi Geisson,
Thanks for confirming. I see where you mean, it's in the specific embed dashboard script that's returned and you're right in that it doesn't seem to fill that variable from the external base URL as I tried changing it and it doesn't update.
Are you using a proxy server between Yellowfin and the hosting site?
SSL also needs to be configured on Yellowfin with a valid certificate, please let me know if that's already set up.
Finally, can I ask exactly which version of Yellowfin have you got running? The info.jsp found at https://yourYFurl/info.jsp would suffice.
Kind regards,
Chris
Hi Geisson,
Can I ask one last thing, as you're using a token for the embed, I assume that comes from your SSO solution. Does the user you're logging in with belong to the default org?
Kind regards,
Chris
Hi Chris,
We are using a proxy that, when activated, directs to Yellowfin. We are specifically using Traefik.
Installation information follows:
Application Version: 9.10.0.1
java.version: 11.0.13
os.name: Linux
os.arch: amd64
os.version: 5.15.0-200.131.27.el9uek.x86_64
Regarding the token and access settings, we already tested it in an environment without a valid SSL certificate running over http and everything worked normally. We had the error reported after configuring an SSL certificate and adding it to HTTPS.
Hi Geisson,
I think I'm going to ask someone on our consultant team to take a look here as it's been working using HTTP for you and you seem to have Yellowfin configured correctly for using the JS API v3 and HTTPS. There could be something with your network stack that needs looking at.
Were you able to confirm that the user credentials passed through are logging in to the default org? The allowed origins may need to be configured for client orgs if it's not already done.
Kind regards,
Chris
Hello Chris, how are you?
Any feedback regarding the reported problem?
Hi Geisson,
I'm good thanks! I hope your week is going well :)
So regarding the issue, I added support for SSL in my 9.10.0.1 environment and the apiURL updated accordingly. I've also asked the account manager just to make the Brazilian Yellowfin reseller aware of your situation as well.
Furthermore, on our end someone has a possibly similar setup to you, using a reverse proxy configuration which maps https requests to http on the server side. Does this apply to you or have you got https enabled in Yellowfin as well via modifications made to the web.xml and server.xml files?
The alternative is you might have your proxy, Traefik, forwarding https requests to Yellowfin over http, in which case, this Community post from the Traefik forums may help with forwarding those requests. https://community.traefik.io/t/http-to-https-redirect-does-not-enforce-the-client-to-create-a-new-connection/15103
Let me know.
Kind regards,
Chris
Hi Chris,
We are using a Docker environment to run Yellowfin in production. I believe the configuration you tested should be native Yellowfin. When reading the topic you mentioned, we understand that the problem mentioned does not occur in our structure because https routing works correctly.
When analyzing the situation with our infrastructure, we believe that the problem may not be related to the reverse proxy. Would it be possible for you to tell us what logic Yellowfin uses to generate the value of the "apiURL" variable? When we add the "URL da base da instância externa" configuration, shouldn't we be using the value of this configuration in the variable as shown in the image below?
Hi Geisson,
I hope you're well.
I was told by your account manager that someone from our Brazil partner should be in touch with you soon. Have they reached out to you yet?
Kind regards,
Chris
Hello, yes he contacted us, but he was unable to give us a solution. After a long time investigating we discovered how to solve the problem. When working with a reverse proxy and a Docker container you need to add the environment variable "PROXY_SCHEMA=https".
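A post-deployment check for the symptom described in this thread, as an added example that is not part of the original posts or Yellowfin's own code: it scans a loader script body for URLs on the serving host that fall back to http although the script itself was requested over https. The sample body, the host names and the variable layout are constructed assumptions, since the thread shows the real script only as an image.

```javascript
// Added example (not Yellowfin code): flag absolute URLs inside a loader
// script that drop from https to http on the host that served the script.

// Constructed sample of a loader body; the real script's layout may differ.
const SAMPLE_BODY = `
  var yfLoader = {};
  yfLoader.apiURL = "http://bi.example.test/JsAPI/v3";
  yfLoader.helpURL = "https://docs.example.test/help";
  yfLoader.note = "see http://other.example.test/readme";
`;

// Optional `name =` or `name:` prefix, then an absolute http(s) URL.
const URL_RE = /(?:([A-Za-z_$][\w$.]*)\s*[=:]\s*)?["']?(https?:\/\/[^\s"'<>)]+)/g;

function findSchemeDowngrades(scriptSrc, body) {
  const src = new URL(scriptSrc);
  if (src.protocol !== "https:") return []; // nothing to downgrade from
  const findings = [];
  for (const m of body.matchAll(URL_RE)) {
    let u;
    try { u = new URL(m[2]); } catch { continue; } // skip unparsable text
    // Compare hostnames only: behind a TLS-terminating proxy the backend
    // may also report a different port, which is a separate finding.
    if (u.protocol === "http:" && u.hostname === src.hostname) {
      findings.push({ variable: m[1] || null, url: u.href });
    }
  }
  return findings;
}

// Stand-alone run against the constructed sample.
console.log(findSchemeDowngrades(
  "https://bi.example.test/JsAPI/v3?dashUUID=UUID&token=TOKEN", SAMPLE_BODY));
```

An empty result after the proxy or container settings are changed means the generated script no longer points the browser back at a plain-http endpoint on the same host.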
Hi Geisson,
Thanks for letting me know. I might look into including this in our Wiki for future reference. Although it's not directly related to Yellowfin it could help people setting up similar environments.
Let me know if there's anything else you need.
Kind regards,
Chris
Hi Chris, I actually got this information from the Yellowfin wiki, where it provides an example with the use of a proxy. My problem has already been resolved, I believe this ticket can now be completed.
Hi Geisson,
Thanks very much for letting me know! I hope you have a pleasant week :)
Kind regards,
Chris