[xwiki-users] https and iframe

2017-02-21 Thread aleksey-s
Hi!

We want to use xwiki (7.4.5) in iframe on external site (https), but if I
open page with iframe then  browser show next error:

Mixed Content: The page at 'https://mysite/material/1' was loaded over
HTTPS, but requested an insecure resource
'http://xwiki-test/xwiki/bin/login/XWiki/XWikiLogin?srid=GQvB3gT7=%2Fxwiki%2Fbin%2Fview%2FMain%2F%3Fsrid%3DGQvB3gT7'.
This request has been blocked; the content must be served over HTTPS.

My xwiki works over https (if I go directly to https://xwiki-test/ then
after xwiki redirect me to login page over https) . 

In xwiki.cfg:

xwiki.url.protocol=https

On this page /xwiki/bin/view/XWiki/XWikiServerXwiki :

SECURE (SSL): 1

Iframe code:

https://xwiki-test/xwiki/bin/view/Main/; >
 

Why xwiki uses http redirect ?  



--
View this message in context: 
http://xwiki.475771.n2.nabble.com/https-and-iframe-tp7602807.html
Sent from the XWiki- Users mailing list archive at Nabble.com.


Re: [xwiki-users] https and iframe

2017-02-21 Thread Vincent Massol

> On 21 Feb 2017, at 16:30, aleksey-s  wrote:
> 
> Hi!
> 
> We want to use xwiki (7.4.5) in iframe on external site (https), but if I
> open page with iframe then  browser show next error:
> 
> Mixed Content: The page at 'https://mysite/material/1' was loaded over
> HTTPS, but requested an insecure resource
> 'http://xwiki-test/xwiki/bin/login/XWiki/XWikiLogin?srid=GQvB3gT7=%2Fxwiki%2Fbin%2Fview%2FMain%2F%3Fsrid%3DGQvB3gT7'.
> This request has been blocked; the content must be served over HTTPS.

This looks wrong (it could be a bug fixed since 7.4.x is quite old now) since 
it should use HTTPS and not HTTP.

Could you reproduce on a recent XWiki version?

> My xwiki works over https (if I go directly to https://xwiki-test/ then
> after xwiki redirect me to login page over https) . 
> 
> In xwiki.cfg:
> 
> xwiki.url.protocol=https
> 
> On this page /xwiki/bin/view/XWiki/XWikiServerXwiki :
> 
> SECURE (SSL): 1
> 
> Iframe code:
> 
> https://xwiki-test/xwiki/bin/view/Main/; >
> 
> 
> Why xwiki uses http redirect ?  

When you request a protected page of the wiki and you’re not logged in then 
xwiki will ask you to log in and then redirect it to the page you were 
accessing initially.

Thanks
-Vincent

> View this message in context: 
> http://xwiki.475771.n2.nabble.com/https-and-iframe-tp7602807.html
> Sent from the XWiki- Users mailing list archive at Nabble.com.