
HSTS Policy + Supercontainer?



Yesterday I replied to an old thread - to be sure and make it clear, I'm just adding a new one here.

What we're seeing on our Mac clients (and have been for 2+ years now) is:  the web server (a Mac-based system) portion of our multi-machine configuration (DB server is Windows) has its security certificates in place.  This means that when users access the web direct homepage, they're redirected to HTTPS.  That works fine.  However, Safari automatically creates an HSTS profile for that web server.  That HSTS profile then automatically redirects any web traffic on that client to HTTPS.  So if those same users have to interact with a SuperContainer web viewer, the web viewer never loads - because it's being redirected to HTTPS and the SC web viewer only uses HTTP.

Safari used to allow users to remove HSTS policy along with cookies and cache themselves - but in recent updates the HSTS policy is no longer accessible for them to remove, it has to be done via terminal with elevated privileges now.

Has anyone else encountered this? I have to imagine so.  Admittedly, I'm not the admin of the web services on the server so perhaps there's a way around this.  I did some quick checks and saw a way to tell Apache to set an HSTS policy with a max life of zero - which presumably would work, but have been unsuccessful in implementing that.  Not sure if it's how the certificate was created/applied.  Just pretty stumped on this one.

We don't have too many users who need both web direct and SC web viewers - but some, and this has definitely been hindering them for a long time now.

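The behaviour described in the post above, modelled as an added example (not code from the thread or from SuperContainer): under RFC 6797 an HSTS entry is keyed by host name rather than port, so an http:// URL on another port of the same host is upgraded as well, and a `max-age=0` header clears the entry only when it is received over HTTPS. The host name, port 8020 and path are constructed for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

class HSTSStore:
    """Minimal model of a browser's HSTS host store (RFC 6797)."""
    def __init__(self):
        self.hosts = {}  # host -> (expiry time, includeSubDomains flag)

    def note_header(self, url, header, now):
        parts = urlsplit(url)
        if parts.scheme != "https":
            return  # header is ignored when received over plain HTTP
        max_age, include_sub = None, False
        for directive in header.split(";"):
            name, _, value = (p.strip() for p in directive.partition("="))
            if name.lower() == "max-age":
                max_age = int(value.strip('"'))
            elif name.lower() == "includesubdomains":
                include_sub = True
        if max_age is None:
            return  # max-age is mandatory; a header without it is invalid
        if max_age == 0:
            self.hosts.pop(parts.hostname, None)  # max-age=0 deletes the entry
        else:
            self.hosts[parts.hostname] = (now + max_age, include_sub)

    def is_known(self, host, now):
        labels = host.split(".")
        for i in range(len(labels)):  # exact host first, then parent domains
            entry = self.hosts.get(".".join(labels[i:]))
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return True
        return False

    def rewrite(self, url, now):
        parts = urlsplit(url)
        if parts.scheme != "http" or not self.is_known(parts.hostname, now):
            return url  # not plain HTTP, or no live HSTS entry for the host
        netloc = parts.hostname
        if parts.port not in (None, 80):
            netloc += f":{parts.port}"  # a non-default port is kept unchanged
        return urlunsplit(("https", netloc) + tuple(parts[2:]))

def demo():
    # Constructed host, port and path; none of these come from the thread.
    store = HSTSStore()
    store.note_header("https://fm.example.test/", "max-age=31536000", now=0)
    before = store.rewrite("http://fm.example.test:8020/files", now=1)
    store.note_header("https://fm.example.test/", "max-age=0", now=2)
    return before, store.rewrite("http://fm.example.test:8020/files", now=3)
```

`demo()` returns the upgraded URL first and the untouched HTTP URL second, showing that the entry set by the HTTPS site is what breaks the plain-HTTP viewer on the same host.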

I have had a few users in the past report something similar to this. The solution to the problem has essentially been to install an SSL certificate on the machine running SuperContainer so that the URLs for the web viewers pointed at SuperContainer use https instead of http. Where does your SuperContainer instance run? Is it already accessible over https?


I'll check with the team who's been administering the SuperContainer server and see.  I know that we have a certificate on that machine - all of the standard web interfaces are HTTPS already, like the web direct for FM web sharing.

I tried directing one of the SC web viewers to HTTPS and had no luck there - the web viewer just sits on "Loading" and fails to load anything that way.

The web server and SuperContainer are running on a Mac Mini, while our main DB server is WinServer 2016.  I'm not sure how else to try to access it via HTTPS.  Would love any specific suggestions of where to look to make updates for that.  Again, I'll see what the web admin team can tell me about the cert on the box, but I know there's one there already.

Thanks


It's been a couple of years, but I'm fairly certain this is the Standalone install.  This is a Mac-based web server so we can use the PDF, JPG, etc. image previews.  The actual DB server is on Windows.  But in any case, I think this is the Standalone install for SuperContainer.
