Cannot log in to a non secure (http) Confluence instance using Firefox

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問

問題

When accessing a Confluence instance over HTTP (and not HTTPS), users cannot log in using Firefox. The reason for this is that we mark the cookies as Secure, yet the site is not secure.

原因

Firefox has recently decided to deprecate non-secure HTTP as a protocol. In Firefox 52, they implemented the “Strict Secure Cookies” specification:

That effort prevents HTTP-only sites from delivering cookies with the “secure”attribute. That attribute denotes the cookie should only be transported over encrypted link, but it is still possible to access such cookies over HTTP under some circumstances. Adopting the new spec will mean cookies marked “secure” can only be touched by HTTPS servers.

Our cookies are marked as '"secure", and as such can only be used over HTTPS. This means that Firefox is not passing required cookies to the server, which means that login fails.

回避策

Use a different browser, eg Chrome or Internet Explorer.

ソリューション

Implement SSL to secure your Confluence instance. See Running Confluence Over SSL or HTTPS for more information.

 

Last modified on Mar 29, 2017

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.