How to fix a website with blocked mixed content

0
Hello everyone,  I'm trying to publish the REST microflow service. When I access to Swagger UI page, it works fine on localhost (HTTP) but doesn't work on server (HTTPS). I'm getting the message, "Error:  Mixed Content: The page at 'https://mydomainname/rest-doc/iTreeMfService' was loaded over HTTPS, but requested an insecure script 'http://mydomainname/rest-doc/swagger-ui-standalone-preset.js'. This request has been blocked; the content must be served over HTTPS." Did I do something wrong?  Any idea or suggestion?  Thank you
asked
5 answers
0

Hello Surasak,

To me, this seems like a bug on the page generated by the rest-doc generator. Instead of loading the JavaScript file mentioned via HTTPS it is loading it via HTTP which a browser will flag as insecure content and automatically block.

Probably best to file a support ticket to make this known to Mendix.

Best,

Mitchel

answered
0

Hello Mitchel,

Thank you for the reply.
I update modeler to v7.12, but got the same result.

Best Regards,
Surasak

answered
0

In Chrome and among other browsers, you cannot have HTTPS and HTTP requests mixed. Choose either one of them. Your best bet is tracing down where (in what file) the request is being made and simply change the URL from HTTP to HTTPS. 

This is nothing related to Mendix, as I had these issues a lot of time as well when hand-coding simple static websites. That is works on localhost, but doesn't when on a live server is simply a default rule of your browser. Localhost is like "Meh, I don't care".

answered
0

Hello,

Please let me know if there was any solution found for this issue. We have similar issue in our Mendix app., which is being hosted in an on-prem environment.

Modeler version we are using is 7.16.

 

answered
0

Hi,

 

I experienced this issue before. I guess that the application is running behind NGINX web server.

 

The following NGINX configuration must be added inside 'server' directive.

proxy_set_header X-Forwarded-Proto $scheme

 

This will prevent Swagger UI from being called in HTTP manner within HTTPS connection.

 

I hope this will help whoever found this issue.

answered