Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-13963

Stop relying on the application server by default to resolve relative redirect URLs

    XMLWordPrintable

Details

    • Unknown

    Description

      When attempting to install extensions, even during the setup screen for 8.4.4, the following error appears in Chrome's Javascript Console:

      Mixed Content: The page at 'https://[REDACTED]/xwiki/bin/distribution/XWiki/Distribution?xredirect=%2Fxwiki%2Fbin%2Fview%2FXWiki%2Fcrw#Attachments' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://[REDACTED]/xwiki/bin/distribution/XWiki/Distribution?extensio…n%2FXWiki%2FDistribution%3Fxredirect%3D%2Fxwiki%2Fbin%2Fview%2FXWiki%2Fcrw'. This request has been blocked; the content must be served over HTTPS.

      It appears that a script request is happening over http, despite the following setting in xwiki.cfg:

      xwiki.url.protocol=https

      FWIW, I am hosting this behind an nginx server which is forwarding all http requests to https; however, Chrome does not know this (obviously) and rejects this request out-of-hand.

      edit: I am also seeing this issue when uploading files via the Attachment uploader. The error in Chrome in this case is:

      xwiki-min.js?defer=false&language=en:3 Uncaught TypeError: Cannot read property 'addClassName' of undefined
    at e.setClass (xwiki-min.js?defer=false&language=en:3)
    at e.initialize (xwiki-min.js?defer=false&language=en:7)
    at e.initialize (prototype.js:11)
    at e.<anonymous> (prototype.js:11)
    at e.initialize (xwiki-min.js?defer=false&language=en:8)
    at e.initialize (prototype.js:11)
    at new e (prototype.js:11)
    at e.<anonymous> (attachments.js?language=en:1)
    at HTMLAnchorElement.<anonymous> (prototype.js:11)
    at HTMLAnchorElement.<anonymous> (prototype.js:18)
setClass @ xwiki-min.js?defer=false&language=en:3
initialize @ xwiki-min.js?defer=false&language=en:7
(anonymous) @ prototype.js:11
(anonymous) @ prototype.js:11
initialize @ xwiki-min.js?defer=false&language=en:8
(anonymous) @ prototype.js:11
e @ prototype.js:11
(anonymous) @ attachments.js?language=en:1
(anonymous) @ prototype.js:11
(anonymous) @ prototype.js:18
crw#Attachments:1 Mixed Content: The page at 'https://[REDACTED]/xwiki/bin/view/XWiki/crw#Attachments' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://[REDACTED]/xwiki/bin/get/XWiki/crw?xpage=attachmentslist&forceTestRights=1'. This request has been blocked; the content must be served over HTTPS

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. LDAP-78 "Reset group cache" has port 80 hardcoded

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-16693 Cannot upgrade xwiki to 11.7 under ssl

          • Major - Major loss of function.
          • Closed
          is related to

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-13435 Incorrect domain name in external URL generated from a scheduler job

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            People

              tmortagne Thomas Mortagne
              crw Craig Wright
              Votes:
              4 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: