View PDF Macro in Office Connector makes http fetch from Adobe from https session

Type atlassian
Modified 2018-10-11T08:36:24


The View PDF macro within the Office Connector plugin provides the following http URL even for https sessions when a user's browser fails the Flash installed test.

It's bad form to mix http urls in with secured https sessions and can also lead to confusing mixed protocol warnings to users. Adobe supports the URL above via https as well so honoring the current protocol in all subsidiary requests should be an easy fix (recommend you look at this across other plugins as well). Atlassian may also want to consider providing a macro configuration option for a sysadmin to specify a local path to the get flash player gif. This would prevent Adobe from logging the referrer URL which includes the Confluence page title. Protected wiki page titles can be sensitive to privacy concerns on occasion.