Mixed Content warnings using https

Justin Pounders shared this question 8 months ago
Answered

Getting the following warnings in a web app that has embedded reports for all images served by yellowfin:

Mixed Content: The page at '<myUrl>' was loaded over HTTPS, but requested an insecure image 'http://<yellowfinUrl>/JsAPI?cmd=img&fn=list_close.gif'. This content should also be served over HTTPS.


I've updated the External Instance Base URL setting to be https and that made the jqueryPath and requirePath variables in jsAPI update to https correctly. baseURL was still http after that change, but I've hard-coded in the https URL for the time being.

First question: Are these two related (the baseURL and images coming from http)?

Second question: Where is this http URL coming from so I can fix it? Can I fix it?

Comments (2)

photo
1

Hi Justin,

Thanks for reaching out with your questions.

First question: Are these two related (the baseURL and images coming from http)? No, the external base URL only affects links that Yellowfin generates back to itself, i.e. sharing or embedding reports, dashboards, or other objects.

Second question: Where is this http URL coming from so I can fix it? Can I fix it? Tomcat is URL agnostic in the sense that it persists an active connection to that which it has connected with. In other words if you connect to https://localhost:8080 it will persist on localhost, same for IP Address or host name.

What comes into play is how you have set up SSL with your Yellowfin instance.

Is your SSL hosted locally within Tomcat or is it managed externally?

Have you made any adjustments to Tomcat to expect HTTPS?

Have you enabled automatic redirection within Tomcat to force HTTPS?

Here's a relevant article regarding some of this.

I'm happy to assist in configuring Yellowfin to not serve images over HTTP if you're able to provide some further insight into the process you've taken to implement SSL. Let me know if you'd prefer this be switched over to a private ticket.

Thanks,

Ryan

photo
1

Hi Justin,

I wanted to check in and see if you've had a chance to review my reply. If I don't hear back, I'll presume I've answered your question and mark this as Answered.

Thanks,

Ryan