Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Change way of exporting CSV search results #3238

Merged
merged 2 commits into from Dec 23, 2016
Merged

Change way of exporting CSV search results #3238

merged 2 commits into from Dec 23, 2016

Conversation

@edmundoa
Copy link
Member

@edmundoa edmundoa commented Dec 22, 2016

To export CSV search results, we use a URL including the user's session ID to do a HTTP basic authentication against the REST API. This has a couple of problems:

  • IE/Edge do not support URLs containing the username and password parts due to security concerns (https://support.microsoft.com/en-us/kb/834489)
  • Other browsers display scary warning messages when clicking on the Export CSV link, as they also consider the user may be in danger

To avoid those problems, this PR changes the procedure slightly and adds some more information in the process:

  • IE/Edge users will see a modal dialogue asking them to click a download link, and informing them that their browser may ask them to provide their credentials for the download to proceed
  • Other users will see a modal dialogue with a download link, and we ask them to download that file using right click -> Save link as. In this way browsers don't display any warnings, and the download procedure works as expected

Fixes #3090

edmundoa added 2 commits Dec 22, 2016
Use common methods to open and close modals.
- Ask the user to download with right click -> Save link as, avoiding
  security warnings in browsers
- Fix CSV export on IE/Edge, by not sending the session ID in the
  username and password parts of the URL. As described in
  https://support.microsoft.com/en-us/kb/834489, IE does not support
  those URLs due to security concerns. When IE/Edge are detected, we
  ask the user to click a download link, and inform them that the browser
  may ask for their credentials after clicking that link

Fixes #3090
@edmundoa edmundoa added this to the 2.2.0 milestone Dec 22, 2016
@bernd bernd self-assigned this Dec 23, 2016
@bernd
bernd approved these changes Dec 23, 2016
Copy link
Member

@bernd bernd left a comment

LGTM and works for me 👍

@bernd bernd merged commit fe61c44 into master Dec 23, 2016
4 checks passed
4 checks passed
@garybot2
ci-web-linter Jenkins build graylog-pr-linter-check 1199 has succeeded
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
continuous-integration/travis-ci/push The Travis CI build passed
Details
licence/cla Contributor License Agreement is signed.
Details
@bernd bernd deleted the issue-3090 branch Dec 23, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

2 participants