New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Change way of exporting CSV search results #3238

Merged
merged 2 commits into from Dec 23, 2016

Conversation

Projects
None yet
2 participants
@edmundoa
Member

edmundoa commented Dec 22, 2016

To export CSV search results, we use a URL including the user's session ID to do a HTTP basic authentication against the REST API. This has a couple of problems:

  • IE/Edge do not support URLs containing the username and password parts due to security concerns (https://support.microsoft.com/en-us/kb/834489)
  • Other browsers display scary warning messages when clicking on the Export CSV link, as they also consider the user may be in danger

To avoid those problems, this PR changes the procedure slightly and adds some more information in the process:

  • IE/Edge users will see a modal dialogue asking them to click a download link, and informing them that their browser may ask them to provide their credentials for the download to proceed
  • Other users will see a modal dialogue with a download link, and we ask them to download that file using right click -> Save link as. In this way browsers don't display any warnings, and the download procedure works as expected

Fixes #3090

edmundoa added some commits Dec 22, 2016

Prepare SearchSidebar to add another modal
Use common methods to open and close modals.
Modify the way to export CSV search results
- Ask the user to download with right click -> Save link as, avoiding
  security warnings in browsers
- Fix CSV export on IE/Edge, by not sending the session ID in the
  username and password parts of the URL. As described in
  https://support.microsoft.com/en-us/kb/834489, IE does not support
  those URLs due to security concerns. When IE/Edge are detected, we
  ask the user to click a download link, and inform them that the browser
  may ask for their credentials after clicking that link

Fixes #3090

@edmundoa edmundoa added this to the 2.2.0 milestone Dec 22, 2016

@bernd bernd self-assigned this Dec 23, 2016

@bernd

bernd approved these changes Dec 23, 2016

LGTM and works for me 👍

@bernd bernd merged commit fe61c44 into master Dec 23, 2016

4 checks passed

ci-web-linter Jenkins build graylog-pr-linter-check 1199 has succeeded
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
continuous-integration/travis-ci/push The Travis CI build passed
Details
licence/cla Contributor License Agreement is signed.
Details

@bernd bernd deleted the issue-3090 branch Dec 23, 2016

@bernd bernd removed the ready-for-review label Dec 23, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment