Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8051687

Repeating "Security Warning" pop-up shows and check box does not work in some cases.

    Details

      Description

      found a bug in the Java JRE (7u45+), 7u65 and 7u71

      The issue is around the ¿Security Warning¿ pop-up window. The "Do not show
      this again for this app and web site" check box doesn't appear to work in
      some cases.

      With the update to Java 1.7.0_45, a new manifest attribute ("Caller-Allowable-Codebase" was introduced to control the behavior of JavaScript to Java calls. This attribute specifies the codebase/locations from which JavaScript is allowed to call Applet classes. Applets have "Caller-Allowable-Codebase: *" to allow our customers to be able to load TruePass applets from any host of their choice. With these attributes set in the applet manifest, users get this security warning.

      The expected behavior is that this security dialog should appear the first time the TruePass applet is used, and if the user clicks the "Do not show" box, subsequent warning messages should not appear when the applet is loaded in the future.

      In the latest test ran with JRE7U60B19 and 7u71 b04, we observed: On the same browser, even after "Do not show ... checkbox is checked previously, the " Security Warning pop-up appears every time the TruePass applet is running.

      Have reproduced this behavior using Chrome (version 35.0.1916.153), Firefox (version 30.0) and Internet Explorer (version 11.0.9600.17207).

        Attachments

        1. image001.jpg
          image001.jpg
          16 kB
        2. take3.avi
          8.00 MB

          Activity

            People

            • Assignee:
              mcherkas Mikhail Cherkasov (Inactive)
              Reporter:
              shadowbug Shadow Bug
            • Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Due:
                Created:
                Updated:
                Resolved: