http https #49

gregpalaci · 2015-12-12T14:30:47Z

remove all hardcoded protocols.....
also security ssl: true doesn't do anything?

example: $.get('//strapi-1-5-gregbenner.c9users.io', function(data) { }); will resolve http or https and work.

Mixed Content: The page at 'https://strapi-1-5-gregbenner.c9users.io/admin/#!/strapi/explorer/post/create' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://strapi-1-5-gregbenner.c9users.io/:8080/admin/explorer/user?limit=10&skip=0&where=%7B%7D'. This request has been blocked; the content must be served over HTTPS.(anonymous function) @ vendors.js:10765sendReq @ vendors.js:10558serverRequest @ vendors.js:10268processQueue @ vendors.js:14792(anonymous function) @ vendors.js:14808Scope.$eval @ vendors.js:16052Scope.$digest @ vendors.js:15870Scope.$apply @ vendors.js:16160done @ vendors.js:10589completeRequest @ vendors.js:10787requestLoaded @ vendors.js:10728
vendors.js:10765 Mixed Content: The page at 'https://strapi-1-5-gregbenner.c9users.io/admin/#!/strapi/explorer/post/create' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://strapi-1-5-gregbenner.c9users.io/:8080/admin/explorer/comment?limit=10&skip=0&where=%7B%7D'. This request has been blocked; the content must be served over HTTPS.(anonymous function) @ vendors.js:10765sendReq @ vendors.js:10558serverRequest @ vendors.js:10268processQueue @ vendors.js:14792(anonymous function) @ vendors.js:14808Scope.$eval @ vendors.js:16052Scope.$digest @ vendors.js:15870Scope.$apply @ vendors.js:16160done @ vendors.js:10589completeRequest @ vendors.js:10787requestLoaded @ vendors.js:10728
vendors.js:12520 Error: [jqLite:nosel] Looking up elements via selectors is not supported by jqLite! See: http://docs.angularjs.org/api/angular.element
http://errors.angularjs.org/1.4.8/jqLite/nosel
    at vendors.js:68
    at JQLite (vendors.js:2809)
    at removeComments (vendors.js:9031)
    at vendors.js:8507
    at processQueue (vendors.js:14792)
    at vendors.js:14808
    at Scope.$eval (vendors.js:16052)
    at Scope.$digest (vendors.js:15870)
    at Scope.$apply (vendors.js:16160)
    at done (vendors.js:10589)(anonymous function) @ vendors.js:12520(anonymous function) @ vendors.js:9292processQueue @ vendors.js:14800(anonymous function) @ vendors.js:14808Scope.$eval @ vendors.js:16052Scope.$digest @ vendors.js:15870Scope.$apply @ vendors.js:16160done @ vendors.js:10589completeRequest @ vendors.js:10787requestLoaded @ vendors.js:10728
vendors.js:29708 GET https://strapi-1-5-gregbenner.c9users.io/admin/select2.png 404 (Not Found)(anonymous function) @ vendors.js:29708forEach @ vendors.js:354computeCssStyles @ vendors.js:29707computeCachedCssStyles @ vendors.js:29827computeTimings @ vendors.js:29890init @ vendors.js:30040prepareRegularAnimation @ vendors.js:30686initDriverFn @ vendors.js:30466invokeFirstDriver @ vendors.js:32141triggerAnimationStart @ vendors.js:31987nextTick @ vendors.js:29432scheduler @ vendors.js:29402(anonymous function) @ vendors.js:32009Scope.$digest @ vendors.js:15946Scope.$apply @ vendors.js:16160done @ vendors.js:10589completeRequest @ vendors.js:10787requestLoaded @ vendors.js:10728
onloadwff.js:417 GET https://strapi-1-5-gregbenner.c9users.io/admin/select2.png 404 (Not Found)lpIsVisible @ onloadwff.js:417fieldIsDoublePassword @ onloadwff.js:976chk_form_has_password @ onloadwff.js:942checkForLoginForm @ onloadwff.js:937setupIcons @ onloadwff.js:672evalScriptsInFrame @ onloadwff.js:212(anonymous function) @ onloadwff.js:403
vendors.js:10765 Mixed Content: The page at 'https://strapi-1-5-gregbenner.c9users.io/admin/#!/strapi/explorer/post/create' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://strapi-1-5-gregbenner.c9users.io/:8080/admin/explorer/user?limit=10&skip=0&where=%7B%7D'. This request has been blocked; the content must be served over HTTPS.(anonymous function) @ vendors.js:10765sendReq @ vendors.js:10558serverRequest @ vendors.js:10268processQueue @ vendors.js:14792(anonymous function) @ vendors.js:14808Scope.$eval @ vendors.js:16052Scope.$digest @ vendors.js:15870Scope.$apply @ vendors.js:16160(anonymous function) @ vendors.js:17927completeOutstandingRequest @ vendors.js:5552(anonymous function) @ vendors.js:5829
vendors.js:10765 Mixed Content: The page at 'https://strapi-1-5-gregbenner.c9users.io/admin/#!/strapi/explorer/post/create' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://strapi-1-5-gregbenner.c9users.io/:8080/admin/explorer/user?limit=10&skip=0&where=%7B%22id%22:%7B%22!%22:%5B1%5D%7D%7D'. This request has been blocked; the content must be served over HTTPS.(anonymous function) @ vendors.js:10765sendReq @ vendors.js:10558serverRequest @ vendors.js:10268processQueue @ vendors.js:14792(anonymous function) @ vendors.js:14808Scope.$eval @ vendors.js:16052Scope.$digest @ vendors.js:15870Scope.$apply @ vendors.js:16160(anonymous function) @ vendors.js:17927completeOutstandingRequest @ vendors.js:5552(anonymous function) @ vendors.js:5829
vendors.js:10765 Mixed Content: The page at 'https://strapi-1-5-gregbenner.c9users.io/admin/#!/strapi/explorer/post/create' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://strapi-1-5-gregbenner.c9users.io/:8080/admin/explorer/comment?limit=10&skip=0&where=%7B%7D'. This request has been blocked; the content must be served over HTTPS.

The text was updated successfully, but these errors were encountered:

loicsaintroch · 2015-12-12T17:29:12Z

Not sure to fully understand your issue. The SSL config needs two keys:

disabled (boolean): If true, this middleware will allow all requests through.
trustProxy (boolean): If true, trust the X-Forwarded-Proto header.

To enable SSL your config should look like this:

{
  "ssl": {
    "disabled": false,
    "trustProxy": false
  }
}

gregpalaci · 2015-12-13T16:42:24Z

You've hardcoded the protocol to http so on an https site everything breaks.

I've fixed it for myself 'hacking' by changing admin/frontend.js line 1775 to Config.backendUrl = '';

Mixed Content: The page at 'https://strapi-1-5-gregbenner.c9users.io/admin/#!/strapi/explorer/post/create' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://strapi-1-5-gregbenner.c9users.io/:8080/admin/explorer/user?limit=10&skip=0&where=%7B%7D'. This request has been blocked;

This is saying hey you are on https site but you tried to use an http request I'm a browser and I don't like that so you can't do it. :)

pierreburgy · 2015-12-15T10:29:42Z

Good catch @gregbenner, we are working on it.

pierreburgy · 2015-12-15T12:17:49Z

We just fixed it : strapi/strapi-generate-admin@26626fb

It will be published in strapi-generate-admin v1.5.2.

Thanks again for your feedback @gregbenner

loicsaintroch · 2015-12-15T13:05:30Z

@gregbenner: can you try the solution of @pierreburgy and give us your feedback please?

gregpalaci · 2015-12-20T00:27:48Z

looks like a solve to get the current host url, @pierreburgy
could also leave it as '/' but should work either way.

loicsaintroch added framework issue: feature request Issue suggesting a new feature labels Dec 12, 2015

loicsaintroch added this to the v1.5.0 milestone Dec 12, 2015

loicsaintroch self-assigned this Dec 12, 2015

loicsaintroch added issue: bug Issue reporting a bug admin and removed documentation issue: feature request Issue suggesting a new feature labels Dec 15, 2015

gregpalaci closed this as completed Dec 20, 2015

strapi locked and limited conversation to collaborators Dec 20, 2015

Aurelsicoko unassigned loicsaintroch Aug 11, 2016

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

http https #49

http https #49

gregpalaci commented Dec 12, 2015

loicsaintroch commented Dec 12, 2015

gregpalaci commented Dec 13, 2015

pierreburgy commented Dec 15, 2015

pierreburgy commented Dec 15, 2015

loicsaintroch commented Dec 15, 2015

gregpalaci commented Dec 20, 2015