Help

0

OAuth2 redirect url failed by insecure http request of favicon.ico ? [SOLVED]

Avatar
yopi

Dear Community,

We are working on a feature where we used OAuth2 to communicate Odoo with Google API. But there is a problem when the API go back to Odoo (redirect_uri) with the following message:

<pre>Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/odoo/addons/base/ir/ir_http.py", line 208, in _dispatch
result = request.dispatch()
File "/usr/lib/python3/dist-packages/odoo/http.py", line 832, in dispatch
r = self._call_function(**self.params)
File "/usr/lib/python3/dist-packages/odoo/http.py", line 344, in _call_function
return checked_call(self.db, *args, **kwargs)
File "/usr/lib/python3/dist-packages/odoo/service/model.py", line 97, in wrapper
return f(dbname, *args, **kwargs)
File "/usr/lib/python3/dist-packages/odoo/http.py", line 337, in checked_call
result = self.endpoint(*a, **kw)
File "/usr/lib/python3/dist-packages/odoo/http.py", line 939, in __call__
return self.method(*args, **kw)
File "/usr/lib/python3/dist-packages/odoo/http.py", line 517, in response_wrap
response = f(*args, **kw)
File "/mnt/extra-addons/google_people/controllers/main.py", line 42, in authentication
authorization_response=request.httprequest.url)
File "/usr/local/lib/python3.5/dist-packages/requests_oauthlib/oauth2_session.py", line 208, in fetch_token
state=self._state)
File "/usr/local/lib/python3.5/dist-packages/oauthlib/oauth2/rfc6749/clients/web_application.py", line 203, in parse_request_uri_response
response = parse_authorization_code_response(uri, state=state)
File "/usr/local/lib/python3.5/dist-packages/oauthlib/oauth2/rfc6749/parameters.py", line 262, in parse_authorization_code_response
raise InsecureTransportError()
oauthlib.oauth2.rfc6749.errors.InsecureTransportError: (insecure_transport) OAuth 2 MUST utilize https.</pre>

on Chrome we have this message (in console log)

<pre>Mixed Content: The page at 'https://***' was loaded over HTTPS, but requested an insecure favicon 'http://***/en_US/favicon.ico'. This request has been blocked; the content must be served over HTTPS.</pre>

as you can see our website already installed with HTTPS but then somehow there is a request made with HTTP (http://***/en_US/favicon.ico).

I tried to debug where is the request of favicon.ico is made

on website module I found there is a route defined \https://github.com/odoo/odoo/blob/11.0/addons/website/controllers/main.py#L447 but couldn't find where is the route is called.

Avatar
Discard
2 Answers
0
Avatar
Ravi Gadhia
Best Answer

https://stackoverflow.com/questions/27785375/testing-flask-oauthlib-locally-without-https

Mix content issue is not related to traceback. browser throw error when HTTPS user makes a request for a resource of HTTP.
check the browser network panel and identify which resource (most properly image ) requested over HTTP

2 Comments
Avatar
Discard
Avatar
yopi
-

Thanks for the answer.

I think, I've solved it, on my route (register as redirect url at google credential) I used request.httprequest.url to access the current or active url and I found odoo read it as http not https.

Avatar
Ravi Gadhia
-

Cool !

0
Avatar
Ermin Trevisan
Best Answer

Just an idea: did you already try to upload a favicon in the backend using the GUI? Maybe it helps.

1 Comment
Avatar
Discard
Avatar
yopi
-

Thanks for your answer. I just did it but still got the same issue.