https and iframe

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

https and iframe

aleksey-s
Hi!

We want to use xwiki (7.4.5) in iframe on external site (https), but if I open page with iframe then  browser show next error:

Mixed Content: The page at 'https://mysite/material/1' was loaded over HTTPS, but requested an insecure resource 'http://xwiki-test/xwiki/bin/login/XWiki/XWikiLogin?srid=GQvB3gT7&xredirect=%2Fxwiki%2Fbin%2Fview%2FMain%2F%3Fsrid%3DGQvB3gT7'. This request has been blocked; the content must be served over HTTPS.

My xwiki works over https (if I go directly to https://xwiki-test/ then after xwiki redirect me to login page over https) .

In xwiki.cfg:

xwiki.url.protocol=https

On this page /xwiki/bin/view/XWiki/XWikiServerXwiki :

SECURE (SSL): 1

Iframe code:

<iframe src="https://xwiki-test/xwiki/bin/view/Main/" >
 </iframe>

Why xwiki uses http redirect ?  
Reply | Threaded
Open this post in threaded view
|

Re: https and iframe

vmassol
Administrator

> On 21 Feb 2017, at 16:30, aleksey-s <[hidden email]> wrote:
>
> Hi!
>
> We want to use xwiki (7.4.5) in iframe on external site (https), but if I
> open page with iframe then  browser show next error:
>
> Mixed Content: The page at 'https://mysite/material/1' was loaded over
> HTTPS, but requested an insecure resource
> 'http://xwiki-test/xwiki/bin/login/XWiki/XWikiLogin?srid=GQvB3gT7&xredirect=%2Fxwiki%2Fbin%2Fview%2FMain%2F%3Fsrid%3DGQvB3gT7'.
> This request has been blocked; the content must be served over HTTPS.

This looks wrong (it could be a bug fixed since 7.4.x is quite old now) since it should use HTTPS and not HTTP.

Could you reproduce on a recent XWiki version?

> My xwiki works over https (if I go directly to https://xwiki-test/ then
> after xwiki redirect me to login page over https) .
>
> In xwiki.cfg:
>
> xwiki.url.protocol=https
>
> On this page /xwiki/bin/view/XWiki/XWikiServerXwiki :
>
> SECURE (SSL): 1
>
> Iframe code:
>
> <iframe src="https://xwiki-test/xwiki/bin/view/Main/" >
> </iframe>
>
> Why xwiki uses http redirect ?  

When you request a protected page of the wiki and you’re not logged in then xwiki will ask you to log in and then redirect it to the page you were accessing initially.

Thanks
-Vincent

> View this message in context: http://xwiki.475771.n2.nabble.com/https-and-iframe-tp7602807.html
> Sent from the XWiki- Users mailing list archive at Nabble.com.