Custom plugin using URLStreamHandlerWithContext blocking connection as untrusted
Posted: Wed Apr 24, 2024 5:45 pm
Hello,
We have been using a custom plugin for Oxygen XML Editor to load our XML data that extends URLStreamHandlerWithContext, and recently (seems to be after upgrading to v 26.0) the connection from this plugin has been blocked as untrusted. This is the error message we receive (url redacted):
Connection to https://xxxxx.xxxxx.xxxxx.com/vx/xxxxx/ ... c5551/xxxx was blocked because it is not configured as a trusted host.
Strangely, we only see this issue in our production environment. All of our pre-production environments don't have this issue.
As a workaround, we have been adding our host to the allowed hosts list on the Administration page. However, this is not a great long term solution as we have to adjust this config after each deploy (and we're running Oxygen in an AWS ECS task, which AWS may destroy/create automatically at any time).
From the documentation, I can see that:
Plugins can specify whether a connection is allowed or denied, regardless of whether or not they are listed in the Security tab of the Administration Page.
However, I can't find anywhere in the documentation that says where or how a plugin would specify this. Is the fact that the plugin uses a specific URL for a connection supposed to implicitly trust that host? Or, in addition to our custom URLStreamHandlerWithContext plugin, should we be creating a custom TrustedHostsProviderExtension with the same hosts listed that our other plugin uses?
Thanks,
Trent Olson