Mixed content (HTTP & HTTPS) while loading app

[enoch85]

Steps to reproduce

1. Install the nextcloud-spreedme-snap
2. Try to reach the app from GUI

Expected behaviour

SpreedMe should be shown

Actual behaviour

Screen is blank (WSOD) and gives me this output with the inspect tool (Chrome)

Mixed Content: The page at 'https://cloud.techandme.se/index.php/apps/spreedme/' was loaded over HTTPS, but requested an insecure resource 'http://cloud.techandme.se/webrtc/'. This request has been blocked; the content must be served over HTTPS.

---

It's installed with the current VM script that can be found here and works locally but fails with my domain.. I should mention that I'm behind a Nginx Reverse Proxy that sends HTTP to my backends.

[enoch85]

Also, if I connect directly to the webrtc I get this:

https://cloud.techandme.se/index.php/s/xhYuZRKhjCGoP0y

[enoch85]

Ok progress... If I add const SPREED_WEBRTC_ORIGIN = 'https://cloud.techandme.se'; in the apps config.php I can at least see something, but then it gets another failure:

VM1267:35 Mixed Content: The page at 'https://cloud.techandme.se/index.php/apps/spreedme/' was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint 'ws://cloud.techandme.se/webrtc/ws'. This request has been blocked; this endpoint must be available over WSS.

How do I redirect the ws address to HTTPS too? @oparoz

[enoch85]

When running with Opera I get this in the browser log:

jquery-migrate.min.js?v=da1fd1f…:2 JQMIGRATE: Migrate is installed, version 1.4.0
app.js:240 Mixed Content: The page at 'https://cloud.techandme.se/index.php/apps/spreedme/' was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint 'ws://cloud.techandme.se/webrtc/ws'. This endpoint should be available via WSS. Insecure access is deprecated.
o.connect @ app.js:240
app.js:240 Connecting to a non-secure WebSocket server from a secure origin is deprecated.
o.connect @ app.js:240
app.js:240 WebSocket connection to 'ws://cloud.techandme.se/webrtc/ws' failed: Error during WebSocket handshake: Unexpected response code: 500
o.connect @ app.js:240
app.js:240 Mixed Content: The page at 'https://cloud.techandme.se/index.php/apps/spreedme/' was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint 'ws://cloud.techandme.se/webrtc/ws'. This endpoint should be available via WSS. Insecure access is deprecated.
o.connect @ app.js:240
(anonymous) @ app.js:240
n @ main.js:40
app.js:240 Connecting to a non-secure WebSocket server from a secure origin is deprecated.
o.connect @ app.js:240
(anonymous) @ app.js:240
n @ main.js:40
app.js:240 WebSocket connection to 'ws://cloud.techandme.se/webrtc/ws' failed: Error during WebSocket handshake: Unexpected response code: 500
o.connect @ app.js:240
(anonymous) @ app.js:240
n @ main.js:40
app.js:240 Mixed Content: The page at 'https://cloud.techandme.se/index.php/apps/spreedme/' was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint 'ws://cloud.techandme.se/webrtc/ws'. This endpoint should be available via WSS. Insecure access is deprecated.
o.connect @ app.js:240
(anonymous) @ app.js:240
n @ main.js:40
app.js:240 Connecting to a non-secure WebSocket server from a secure origin is deprecated.
o.connect @ app.js:240
(anonymous) @ app.js:240
n @ main.js:40
app.js:240 WebSocket connection to 'ws://cloud.techandme.se/webrtc/ws' failed: Error during WebSocket handshake: Unexpected response code: 500

[enoch85]

Ok another update.... Added this in my NGINX conf

        location /webrtc/ws {
                proxy_pass https://$upstream:443;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
        }

...and now it works if I allow insecure scripts.

[enoch85]

Ok, strange, now I get this:

{"reqId":"DRXH8LJHOb4ICZQp64um","remoteAddr":"192.168.4.201","app":"index","message":"Exception: {\"Exception\":\"ParseError\",\"Message\":\"syntax error, unexpected 'ff175a99d8906ddbd52f72107e4144' (T_STRING), expecting ',' or ';'\",\"Code\":0,\"Trace\":\"#0 [internal function]: OC\\\\Autoloader->load('OCA\\\\\\\\SpreedME\\\\\\\\Co...')\\n#1 [internal function]: spl_autoload_call('OCA\\\\\\\\SpreedME\\\\\\\\Co...')\\n#2 \\\/var\\\/www\\\/nextcloud\\\/apps\\\/spreedme\\\/helper\\\/helper.php(127): class_exists('\\\\\\\\OCA\\\\\\\\SpreedME\\\\\\\\C...', true)\\n#3 \\\/var\\\/www\\\/nextcloud\\\/apps\\\/spreedme\\\/helper\\\/helper.php(121): OCA\\\\SpreedME\\\\Helper\\\\Helper::doesPhpConfigExist()\\n#4 \\\/var\\\/www\\\/nextcloud\\\/apps\\\/spreedme\\\/controller\\\/pagecontroller.php(29): OCA\\\\SpreedME\\\\Helper\\\\Helper::notifyIfAppNotSetUp()\\n#5 [internal function]: OCA\\\\SpreedME\\\\Controller\\\\PageController->__construct('spreedme', Object(OC\\\\AppFramework\\\\Http\\\\Request), NULL)\\n#6 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/Utility\\\/SimpleContainer.php(67): ReflectionClass->newInstanceArgs(Array)\\n#7 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/Utility\\\/SimpleContainer.php(84): OC\\\\AppFramework\\\\Utility\\\\SimpleContainer->buildClass(Object(ReflectionClass))\\n#8 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/Utility\\\/SimpleContainer.php(105): OC\\\\AppFramework\\\\Utility\\\\SimpleContainer->resolve('OCA\\\\\\\\SpreedME\\\\\\\\Co...')\\n#9 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/App.php(98): OC\\\\AppFramework\\\\Utility\\\\SimpleContainer->query('OCA\\\\\\\\SpreedME\\\\\\\\Co...')\\n#10 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/Routing\\\/RouteActionHandler.php(47): OC\\\\AppFramework\\\\App::main('OCA\\\\\\\\SpreedME\\\\\\\\Co...', 'index', Object(OC\\\\AppFramework\\\\DependencyInjection\\\\DIContainer), Array)\\n#11 [internal function]: OC\\\\AppFramework\\\\Routing\\\\RouteActionHandler->__invoke(Array)\\n#12 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/Route\\\/Router.php(293): call_user_func(Object(OC\\\\AppFramework\\\\Routing\\\\RouteActionHandler), Array)\\n#13 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/base.php(983): OC\\\\Route\\\\Router->match('\\\/apps\\\/spreedme\\\/')\\n#14 \\\/var\\\/www\\\/nextcloud\\\/index.php(48): OC::handleRequest()\\n#15 {main}\",\"File\":\"\\\/var\\\/www\\\/nextcloud\\\/apps\\\/spreedme\\\/config\\\/config.php\",\"Line\":28}","level":3,"time":"2016-10-31T01:50:14+01:00","method":"GET","url":"\/index.php\/apps\/spreedme\/","user":"--"}

Same settings as latest post.

[enoch85]

(Removed Spreed Me)

Any ideas?

[oparoz]

You cannot use the snap using HTTP only, so I think that the problem here is your reverse proxy.

You also cannot access Spreed.ME directly. You have to use the app within Nextcloud.

[enoch85]

@oparoz I was thinking this is something that could be setup directly in the snap?

I'm trying with the Nextcloud App, but it fails. Though I can reach the WebRTC directly over https...

[oparoz]

I was thinking this is something that could be setup directly in the snap?

The snap has been simplified and the HTTPS routines for spreed.ME removed. It's designed to be used with a reverse proxy which handles all SSL requests and connects locally via HTTP.

[enoch85]

Hmm.. this is exactly what my Nginx Reverse Proxy does. How do you use it?

Reported upstream as well --^

[oparoz]

How do you use it?

https://github.com/nextcloud/spreedme-snap#1-set-up-your-reverse-proxy

[enoch85]

Got it working again (updated the script a bit) and now I can use it as long as I allow insecure scripts, but I still get this in the browser log:

VM1560:35 Mixed Content: The page at 'https://cloud.techandme.se/index.php/apps/spreedme/' was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint 'ws://cloud.techandme.se/webrtc/ws'. This endpoint should be available via WSS. Insecure access is deprecated.WrappedWebSocket @ VM1560:35
VM1560:35 Connecting to a non-secure WebSocket server from a secure origin is deprecated.

Connecting to a non-secure WebSocket server from a secure origin is deprecated. Is there some way to make the socket secure?

[enoch85]

This solved it: nextcloud/vm@cf86ab9

[oparoz]

Great. I need to collect a working NGINX config and add it to the readme so that others don't run into the same issue.

[enoch85]

It's easy, just do as I did in this thread. :) The issue was solved by not enforcinig the HTTPS ENV

[oparoz]

I'll just use this but enforcing HTTP:
https://github.com/strukturag/spreed-webrtc/blob/master/doc/NGINX.txt

[enoch85]

Yes, that's the Nginx config if you don't run Nginx as a Reverse Proxy, that were the case in this issue.

[enoch85]

@oparoz IRC please :)

[ulikoehler]

For everyone who has the same issue: My simple guide on how to fix this:
https://techoverflow.net/2020/02/09/how-to-fix-nextcloud-onlyoffice-mixedcontent-or-refused-to-frame-http-because-it-violates-the-following-content-security-policy-directive-frame-src-https/

TL;DR:
Add

proxy_set_header X-Forwarded-Proto $scheme;

to your nginx location clause.