Here's what's going on according to my testing: - /blue/js-extensions/ is the only affected resource - The page attempts to load https://example.com/blue/js-extensions (NB: no trailing slash) - This results in a 302, redirecting to Location: http://example.com/blue/js-extensions/ (NB: trailing slash, but no HTTPS) - If I'm visiting this location directly, HSTS will send me (307) to https://example.com/blue/js-extensions/ (finally, the working URL), but HSTS doesn't seem to be applied to <script src> by UAs (or at least not consistently).
Why https://example.com/blue/js-extensions redirects to http://example.com/blue/js-extensions/ and changes the protocol, I'm not sure. There doesn't seem to be anything in my nginx config about trailing slashes specifically. I am using `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`. Like the other respondents, I've been using HTTPS Jenkins for years, have the correct protocol in the 'Jenkins Location' setting, and all the other assets on /blue/ (e.g. blueorigin.js or blueorigin.css) are being loaded over HTTPS correctly. Regards, Dom On Thursday, 28 July 2016 10:45:36 UTC+12, Michael Neale wrote: > It's hard to say, it could be a quirk of proxy settings. The resources > don't specify any absolute paths that I can tell. > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/465f8736-b0ee-426b-ac01-953f61e99951%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
