Mixed content error

Ihab Chaaban asked on October 7, 2019 08:43

Dears,

We are using Kentico v12.0.37, after running our website over Https we start encounter errors that mention:

Mixed Content: The page at URL was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint URL. This request has been blocked; the content must be served over HTTPS.

this error appear when we are trying to add new attachment to a page and attaching any document or picture to the page failed.

SSL termination happened on our Web Application Firewall. While checking the FW logs, we didn't found any blocked traffic. After doing some inspection, we found that the page is blocked from the browser side saying that there is a Mixed Content error.

Here is a sample of the error:

"GetResource.ashx?scriptmodule=/AdminControls/MultiFileUploader.js:1 Mixed Content: The page at 'https://omsar.gov.lb/Admin/cmsadministration.aspx#95a82f36-9c40-45f0-86f1-39aa44db9a77' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://omsar.gov.lb/CMSModules/Content/CMSPages/Authenticated/MultiFileUploader.ashx?InstanceGuid=4122b81a-6693-401a-a96f-55021c0b389f&filename=election%20error2.png&FilesCount=1&ResizeArgs=0;0;0&GetBytes=true&AttachmentArgs=DocumentID%7c3217%7cDocumentParentNodeID%7c1256%7cNodeClassName%7ccustom.Study%7cAttachmentGUIDColumnName%7c%7cAttachmentGUID%7c00000000-0000-0000-0000-000000000000%7cAttachmentGroupGUID%7c00000000-0000-0000-0000-000000000000%7cFormGUID%7c00000000-0000-0000-0000-000000000000%7cIsFieldA...veJavascript%7c%7cTargetFolderPath%7c%7cTargetFileName%7c%7cIncludeNewItemInfo%7cFalse%7cOnlyImages%7cFalse%7cRaiseOnClick%7cFalse%7cTargetAliasPath%7c%7cTargetCulture%7c%7cEventTarget%7c%7cHash%7c01ee2a53cad9a4321a6e54ebbf092a366d4c4821f412cd63751669fc1e05d663&CurrentFileIndex=1&FileSize=59085&AllowedExtensions=pdf;doc;docx;ppt;pptx;xls;xlsx;htm;html;xml;bmp;gif;jpg;jpeg;png;wav;wma;wmv;mp3;mp4;mpg;mpeg;mov;avi;swf;rar;zip;txt;rtf;tiff|Hash|21dcf07113d616aad1f639c5e7effe867f9e13e90631dbce6407dc16e7880258'. This request has been blocked; the content must be served over HTTPS."

Is there any solution should be done from Kentico side?

Regards, Ihab

Recent Answers

Juraj Ondrus answered on October 7, 2019 10:28

You need to use the SSL accelerator code to let Kentico know that the SSL is terminated before the actual web server and that Kentico should be generating HTTPS in the links. Regrettably, there is currently a bug in Kentico, so if you are using hotfix 35 or later, the SSL accelerator does not work. We are already working on fixing this issue into this week's hotfix no.43. As a workaround, you can try adding one line (wrapped into ** in the sample below) to the SSL accelerator code:

 // Checks if requests are forwarded as SSL

private static void HandleSSLRequests(object sender, EventArgs e)

{

    if ((HttpContext.Current != null) && (HttpContext.Current.Request != null))

    {
 //Add this line as a workround
**RequestContext.CurrentURL = RequestContext.CurrentURL;**

        // always consider as HTTPS

        RequestContext.IsSSL = true;

    }

}
0 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.