Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-13963

Stop relying on the application server for redirect URL completion

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 8.4.3
    • Fix Version/s: None
    • Labels:
      None
    • Difficulty:
      Unknown
    • Similar issues:

      Description

      When attempting to install extensions, even during the setup screen for 8.4.4, the following error appears in Chrome's Javascript Console:

      Mixed Content: The page at 'https://[REDACTED]/xwiki/bin/distribution/XWiki/Distribution?xredirect=%2Fxwiki%2Fbin%2Fview%2FXWiki%2Fcrw#Attachments' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://[REDACTED]/xwiki/bin/distribution/XWiki/Distribution?extensio…n%2FXWiki%2FDistribution%3Fxredirect%3D%2Fxwiki%2Fbin%2Fview%2FXWiki%2Fcrw'. This request has been blocked; the content must be served over HTTPS.
      

      It appears that a script request is happening over http, despite the following setting in xwiki.cfg:

      xwiki.url.protocol=https

      FWIW, I am hosting this behind an nginx server which is forwarding all http requests to https; however, Chrome does not know this (obviously) and rejects this request out-of-hand.

      edit: I am also seeing this issue when uploading files via the Attachment uploader. The error in Chrome in this case is:

      xwiki-min.js?defer=false&language=en:3 Uncaught TypeError: Cannot read property 'addClassName' of undefined
          at e.setClass (xwiki-min.js?defer=false&language=en:3)
          at e.initialize (xwiki-min.js?defer=false&language=en:7)
          at e.initialize (prototype.js:11)
          at e.<anonymous> (prototype.js:11)
          at e.initialize (xwiki-min.js?defer=false&language=en:8)
          at e.initialize (prototype.js:11)
          at new e (prototype.js:11)
          at e.<anonymous> (attachments.js?language=en:1)
          at HTMLAnchorElement.<anonymous> (prototype.js:11)
          at HTMLAnchorElement.<anonymous> (prototype.js:18)
      setClass @ xwiki-min.js?defer=false&language=en:3
      initialize @ xwiki-min.js?defer=false&language=en:7
      (anonymous) @ prototype.js:11
      (anonymous) @ prototype.js:11
      initialize @ xwiki-min.js?defer=false&language=en:8
      (anonymous) @ prototype.js:11
      e @ prototype.js:11
      (anonymous) @ attachments.js?language=en:1
      (anonymous) @ prototype.js:11
      (anonymous) @ prototype.js:18
      crw#Attachments:1 Mixed Content: The page at 'https://[REDACTED]/xwiki/bin/view/XWiki/crw#Attachments' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://[REDACTED]/xwiki/bin/get/XWiki/crw?xpage=attachmentslist&forceTestRights=1'. This request has been blocked; the content must be served over HTTPS
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                crw Craig Wright
              • Votes:
                3 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Date of First Response: