> On 21 Feb 2017, at 16:30, aleksey-s <a1e...@ya.ru> wrote: > > Hi! > > We want to use xwiki (7.4.5) in iframe on external site (https), but if I > open page with iframe then browser show next error: > > Mixed Content: The page at 'https://mysite/material/1' was loaded over > HTTPS, but requested an insecure resource > 'http://xwiki-test/xwiki/bin/login/XWiki/XWikiLogin?srid=GQvB3gT7&xredirect=%2Fxwiki%2Fbin%2Fview%2FMain%2F%3Fsrid%3DGQvB3gT7'. > This request has been blocked; the content must be served over HTTPS.
This looks wrong (it could be a bug fixed since 7.4.x is quite old now) since it should use HTTPS and not HTTP. Could you reproduce on a recent XWiki version? > My xwiki works over https (if I go directly to https://xwiki-test/ then > after xwiki redirect me to login page over https) . > > In xwiki.cfg: > > xwiki.url.protocol=https > > On this page /xwiki/bin/view/XWiki/XWikiServerXwiki : > > SECURE (SSL): 1 > > Iframe code: > > <iframe src="https://xwiki-test/xwiki/bin/view/Main/" > > </iframe> > > Why xwiki uses http redirect ? When you request a protected page of the wiki and you’re not logged in then xwiki will ask you to log in and then redirect it to the page you were accessing initially. Thanks -Vincent > View this message in context: > http://xwiki.475771.n2.nabble.com/https-and-iframe-tp7602807.html > Sent from the XWiki- Users mailing list archive at Nabble.com.