Jump to content

Mixed content error in admin of secure site


AAD Web Team
 Share

Recommended Posts

Hi,

We're having a problem with the long-click 'View' option (in the page tree) that previews a page in a modal window.

error-clickview.png.b83eabf32f477754dadcc2b6a7c64007.png

It's a secure site (https://scarcomnap2020.antarctica.gov.au/), but it seems that when a page is loaded within the modal window it's using http instead of https. This is causing an error due to the mixed content (the Firefox web console says: 'Blocked loading mixed active content “http://scarcomnap2020.antarctica.gov.au/venues/?modal=1”').

The consequence is that nothing loads - just a modal window with a spinning graphic in the middle.

error-mixedcontent.thumb.png.9de0ea8e3166f8d085d7f6f07deac622.png

The same thing happens if you choose View > Panel or View > Modal Popup from the View menu when editing a page.

error-viewmenu.png.264d8300ff3d1c4de0d78edd7e632b0b.png

Additionally, we're having a similar issue within ProDrafts - the option to view the draft or published versions of the page works fine, but when you click the 'Both' option, you end up with a blank split screen.

error-viewboth.png.7fd82fd5cba0a81a04f801eee642af46.png

error-blanksplit.thumb.png.40ec5884857a2a8a5a90e41659b3c1c7.png

The source code on this blank splitscreen reveals that the http protocol is being used in this case too:

<body class='ProcessProDraftsViewBoth'>	
	<iframe id='pwpd-draft' class="pane ui-layout-west" src='http://scarcomnap2020.antarctica.gov.au/venues/?draft=1'></iframe>
  	<iframe id='pwpd-published' class="pane ui-layout-center" src='http://scarcomnap2020.antarctica.gov.au/venues/'></iframe>
</body>

We're wondering if this choice of the http protocol is something that is hard-coded in somewhere, or if there is a configuration we might have messed up or missed. Any ideas? Everything else appears to be working fine.

We're running PW 3.0.98 and ProDrafts 6c.

(I noticed the issue because I'm preparing to train our first editor by writing some documentation).

Thanks!

Margaret

Edited by AAD Web Team
The code sample I used was from the wrong bit!
Link to comment
Share on other sites

22 hours ago, Robin S said:

I can't reproduce that on my secure sites - for me the panel and modal load pages over HTTPS.

Normally for an HTTPS-only site you would enable the HTTPS redirection in .htaccess:
https://github.com/processwire/processwire/blob/341342dc5b1c58012ae7cb26cffe2c57cd915552/htaccess.txt#L91-L95

So that would be something to check.

We're using nginx rather than Apache, so we don't actually have an .htaccess file, but I'll get our web manager to double-check the equivalent settings.

Link to comment
Share on other sites

20 hours ago, cstevensjr said:

I would also make sure that on all your templates, you have set to HTTPS Only (SSL encrypted).  I do this for even the System Templates

Thanks for this suggestion. Unfortunately doing this stops our existing http redirect from working (normally if you type in http://scarcomnap2020.antarctica.gov.au you are taken to the https version).

Link to comment
Share on other sites

I've had a dig around in the Wire directory... I've made some changes that have fixed the issue, but obviously that's not ideal as a long-term fix. Anyway, it seems to all relate back to the httpURL method.

In ProcessPageEdit.module I've changed this line:

$url = $this->page->url(); // was previously $url = $this->page->httpUrl();

This fixes the View > Panel and View > Modal popup options from the Edit screen.

In ProcessPageListActions.php I've changed one line in this section:

if($page->viewable()) $actions['view'] = array(
	'cn' => 'View',
	'name' => $this->actionLabels['view'],
	'url' => $page->url // was previously 'url' => $page->httpUrl
);

This fixes the long-click View button in the page tree.

I've also made a change within the ProDrafts module file, once again telling it to use $page->url instead of $page->httpUrl, but I won't go into detail about that here in the general forum. That has fixed the View both option in any case.

So this is great as a temporary fix, but I have no idea whether there could be any wider implications... Any thoughts @ryan? I'd hate to break something else. I'm also stumped as to why the httpUrl method is opting to output http instead of https in just these instances.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...