> On 21 Feb 2017, at 16:30, aleksey-s <a1e...@ya.ru> wrote:
> Hi!
> We want to use xwiki (7.4.5) in iframe on external site (https), but if I
> open page with iframe then  browser show next error:
> Mixed Content: The page at 'https://mysite/material/1' was loaded over
> HTTPS, but requested an insecure resource
> 'http://xwiki-test/xwiki/bin/login/XWiki/XWikiLogin?srid=GQvB3gT7&xredirect=%2Fxwiki%2Fbin%2Fview%2FMain%2F%3Fsrid%3DGQvB3gT7'.
> This request has been blocked; the content must be served over HTTPS.

This looks wrong (it could be a bug fixed since 7.4.x is quite old now) since 
it should use HTTPS and not HTTP.

Could you reproduce on a recent XWiki version?

> My xwiki works over https (if I go directly to https://xwiki-test/ then
> after xwiki redirect me to login page over https) . 
> In xwiki.cfg:
> xwiki.url.protocol=https
> On this page /xwiki/bin/view/XWiki/XWikiServerXwiki :
> Iframe code:
> <iframe src="https://xwiki-test/xwiki/bin/view/Main/"; >
> </iframe>
> Why xwiki uses http redirect ?  

When you request a protected page of the wiki and you’re not logged in then 
xwiki will ask you to log in and then redirect it to the page you were 
accessing initially.


> View this message in context: 
> http://xwiki.475771.n2.nabble.com/https-and-iframe-tp7602807.html
> Sent from the XWiki- Users mailing list archive at Nabble.com.

Reply via email to