Mixed Content warnings using https

Justin Pounders shared this question 5 years ago
Completed

Getting the following warnings in a web app that has embedded reports for all images served by yellowfin:

Mixed Content: The page at '<myUrl>' was loaded over HTTPS, but requested an insecure image 'http://<yellowfinUrl>/JsAPI?cmd=img&fn=list_close.gif'. This content should also be served over HTTPS.


I've updated the External Instance Base URL setting to be https and that made the jqueryPath and requirePath variables in jsAPI update to https correctly. baseURL was still http after that change, but I've hard-coded in the https URL for the time being.

First question: Are these two related (the baseURL and images coming from http)?

Second question: Where is this http URL coming from so I can fix it? Can I fix it?

Replies (4)

photo
1

Hi Justin,

Thanks for reaching out with your questions.

First question: Are these two related (the baseURL and images coming from http)? No, the external base URL only affects links that Yellowfin generates back to itself, i.e. sharing or embedding reports, dashboards, or other objects.

Second question: Where is this http URL coming from so I can fix it? Can I fix it? Tomcat is URL agnostic in the sense that it persists an active connection to that which it has connected with. In other words if you connect to https://localhost:8080 it will persist on localhost, same for IP Address or host name.

What comes into play is how you have set up SSL with your Yellowfin instance.

Is your SSL hosted locally within Tomcat or is it managed externally?

Have you made any adjustments to Tomcat to expect HTTPS?

Have you enabled automatic redirection within Tomcat to force HTTPS?

Here's a relevant article regarding some of this.

I'm happy to assist in configuring Yellowfin to not serve images over HTTP if you're able to provide some further insight into the process you've taken to implement SSL. Let me know if you'd prefer this be switched over to a private ticket.

Thanks,

Ryan

photo
1

Hi Justin,

I wanted to check in and see if you've had a chance to review my reply. If I don't hear back, I'll presume I've answered your question and mark this as Answered.

Thanks,

Ryan

photo
1

I am having the exact same issue now. What was the resolution here? I am positive the URL is set correctly in settings and the site works fine using HTTPS, emails have the correct URL, it is only in the script returned by YF for an embed that I see HTTP instead of HTTPS!

photo
1

ok, we fixed this. default server config is not for HTTPS.

we had to update server.xml; apparently, just need to add scheme="https" secure="true" to the connector

Leave a Comment
 
Attach a file