Developer

last person joined: yesterday 

Back to discussions
Expand all | Collapse all

Untrusted source error on AngularJS External Captive Portal

This thread has been viewed 2 times

  • 1.  Untrusted source error on AngularJS External Captive Portal

    Posted Oct 03, 2019 04:45 PM

    I've developed an external captive portal using the angularJS platform. I'm running the captive portal on a server that's connected via an ethernet cable to my fios router. I've defined a guest user WLAN on an Aruba 303HR IAP that is configured to redirect an internet access to the external captive portal.

     

    When I connect a device to the guest user SSID and attempt to access the internet. The shell of the Captive Portal web page is displayed on the device's screen but the content of components of the web page are not displayed. The angular client-side software attempts to access the html template files for these components but returns an error as follows:

     

    Transition Rejection($id: 0 type: 6, message: The transition errored, detail: Error: [$sce:insecurl]. This error is defined as follows in Angular documentation - Processing of a Resource from Untrusted Source Blocked.

     

    The template html file accessed by angularJS is on the same server as the Captive Portal's index.html file. It is in a subdirectory of the Captive Portal root directory.

     

    As noted above, the server that cotains the Captive Portal application is within the same LAN as the Aruba IAP. They are both connected to the same router.

     

    Has anyone else experienced this problem? Any suggestions for the fix?

     

    Thanks,

     

    Robert Willner

     



  • 2.  RE: Untrusted source error on AngularJS External Captive Portal
    Best Answer

    EMPLOYEE
    Posted Oct 04, 2019 06:35 AM

    I don't have experience with this specific framework, but as soon as I see frameworks, I see many times where parts of it (like jQuery and other libraries) are downloaded from external sources like S3 buckets, or other CDN locations.

     

    If you are in a captive portal role, you cannot access any of those locations, unless you have allowed those through. A proper first step would be to remove the captive portal redirect for now and see if the portal works. If it doesn't work there, you will need to go back and fix that first. Once it works without captive portal redirects, you could open your browser developer tools and see which objects are loaded from what servers/locations and create a guest pre-authentication role that allows all of that traffic through without being redirected.

     

    Hope this at least helps you further.



  • 3.  RE: Untrusted source error on AngularJS External Captive Portal

    MVP GURU
    Posted Oct 04, 2019 08:30 AM

    +1 with Herman, you need to check if you don't use external ressource and open flow on the IAP (on logon CP role)



  • 4.  RE: Untrusted source error on AngularJS External Captive Portal

    Posted Oct 04, 2019 05:05 PM

    Thanks for the reply Herman. I have previously tested the Captive Portal using a desktop PC (as the mobile device) connected to a guest user SSID defined on my Aruba303HR IAP. When the Captive Portal failed to render completely, I opened the Chrome developer tools in the browser to see details of the errors generated by the Captive Portal web app.

     

    There were mutliple access failures. The first failed access attempt was a request to https://fonts.googleapis.com/css?family=Lato:100,300,400,700,900. Perhaps as you suggested this request was blocked by the IAP. An ERR_CERT_AUTHORITY_INVALID error was returned.

     

    The next two access failures where for resources within the Captive Portal applications' root directory. A picture of the directory is shown below.

    CP Source Directory Image.png

    The index.html file was successfully access and rendered on the mobile device and javascript files referenced in the index.html file were also successfully retrieved. However html files in the templates folder were not successfully retrieved. It seems the browser (or angularJS?) returned an untrusted/insecure source error when attempting to retrieve these files. Yet these files are local to the Captive Portal server!

     

    With regard to the request to the fonts.googleapis.com domain, would the inclusion of this domain within a whitelist assigned to the guest user SSID solve this particular access failure.

     

    Thanks again, Robert 



  • 5.  RE: Untrusted source error on AngularJS External Captive Portal
    Best Answer

    EMPLOYEE
    Posted Oct 07, 2019 07:26 AM

    The ERR_CERT_AUTHORITY_INVALID indicates either a redirect or an invalid certificate at the server that hosts your captive portal.

     

    As suggested before, I would first remove the captive portal and make sure the application works in that situation. Did you test that?

     

    Then you can create a pre-authentication role where you allow traffic to all servers that are needed, including that fonts.googleapis.com and your captive portal application server and possible other included sources. That role can be applied as pre-authentication role, after which it should work during the redirect as well. By default, only the server that you configured as external captive portal server is automatically 'whitelisted' through the captive portal. 



  • 6.  RE: Untrusted source error on AngularJS External Captive Portal

    Posted Oct 10, 2019 05:27 PM

    Thanks for the last reply.

     

    Yes, I have tested the application on a client device connected to a secure "employee" SSID defined on the aruba303hr IAP that I'm using. It works fine. 

     

    I will follow your suggestion to create a pre-authentication role with the appropriate internet access rules and associate the role with the guest user SSID that authenticates via the captive portal.

     

    I'll also close out this discussion based on your response. Thanks again.