akeneo / pim-community-dev

[Community Development Repository] The open source Product Information Management (PIM)
http://www.akeneo.com

Mixed Content Error during logout #8086

Closed pkraeutli closed 4 years ago

pkraeutli commented 6 years ago

When running Akeneo v2.023 on HTTPS, the following error is shown on logout because some content is loaded via HTTP:

Mixed Content: The page at 'https://xxxx/#/user/logout' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://xxxx/'. This request has been blocked; the content must be served over HTTPS.

System report

[Edition]
CE

[Version]
2.0.23

[Umgebung]
prod

[Installationszeit]
2017-11-22T11:15:24+0100

[Server-Version]
Apache

[Anzahl der Kanäle]
1

[Anzahl der Gebietsschemas]
1

[Anzahl der Produkte]
171

[Anzahl der Familien]
2

[Anzahl der Benutzer]
7

[Anzahl der Attribute]
84

[Anzahl der Attribute mit Gültigkeitsbereichen]
1

[Anzahl der lokalisierbaren Attribute]
15

[Anzahl der lokalisierbaren Attribute mit Gültigkeitsbereichen]
0

[OS-Version]
Linux xxx 4.4.0-101-generic #124-Ubuntu SMP Fri Nov 10 18:29:59 UTC 2017 x86_64

[PHP-Version]
7.1.11-1+ubuntu16.04.1+deb.sury.org+1

[MySQL-Version]
5.7.20-0ubuntu0.16.04.1

[PHP-Erweiterungen]
Core
date
libxml
openssl
pcre
zlib
filter
hash
Reflection
SPL
session
standard
cgi-fcgi
mysqlnd
PDO
xml
apcu
apc
bcmath
calendar
ctype
curl
dom
exif
fileinfo
ftp
gd
gettext
iconv
imagick
intl
json
mcrypt
mysqli
pdo_mysql
Phar
posix
readline
shmop
SimpleXML
soap
sockets
sysvmsg
sysvsem
sysvshm
tokenizer
wddx
xmlreader
xmlwriter
xsl
zip
Zend OPcache

[Registrierte Bundles]
Akeneo\Bundle\BatchBundle\AkeneoBatchBundle
Akeneo\Bundle\BatchQueueBundle\AkeneoBatchQueueBundle
Akeneo\Bundle\BufferBundle\AkeneoBufferBundle
Akeneo\Bundle\ClassificationBundle\AkeneoClassificationBundle
Akeneo\Bundle\ElasticsearchBundle\AkeneoElasticsearchBundle
Akeneo\Bundle\FileStorageBundle\AkeneoFileStorageBundle
Akeneo\Bundle\MeasureBundle\AkeneoMeasureBundle
Akeneo\Bundle\StorageUtilsBundle\AkeneoStorageUtilsBundle
Doctrine\Bundle\DoctrineBundle\DoctrineBundle
Doctrine\Bundle\DoctrineCacheBundle\DoctrineCacheBundle
Doctrine\Bundle\FixturesBundle\DoctrineFixturesBundle
Doctrine\Bundle\MigrationsBundle\DoctrineMigrationsBundle
Escape\WSSEAuthenticationBundle\EscapeWSSEAuthenticationBundle
FOS\JsRoutingBundle\FOSJsRoutingBundle
FOS\OAuthServerBundle\FOSOAuthServerBundle
FOS\RestBundle\FOSRestBundle
JMS\SerializerBundle\JMSSerializerBundle
Knp\Bundle\MenuBundle\KnpMenuBundle
Liip\ImagineBundle\LiipImagineBundle
Oneup\FlysystemBundle\OneupFlysystemBundle
Oro\Bundle\AsseticBundle\OroAsseticBundle
Oro\Bundle\ConfigBundle\OroConfigBundle
Oro\Bundle\DataGridBundle\OroDataGridBundle
Oro\Bundle\FilterBundle\OroFilterBundle
Oro\Bundle\SecurityBundle\OroSecurityBundle
Oro\Bundle\TranslationBundle\OroTranslationBundle
Oro\Bundle\UserBundle\OroUserBundle
Pim\Bundle\AnalyticsBundle\PimAnalyticsBundle
Pim\Bundle\ApiBundle\PimApiBundle
Pim\Bundle\CatalogBundle\PimCatalogBundle
Pim\Bundle\CommentBundle\PimCommentBundle
Pim\Bundle\ConnectorBundle\PimConnectorBundle
Pim\Bundle\DashboardBundle\PimDashboardBundle
Pim\Bundle\DataGridBundle\PimDataGridBundle
Pim\Bundle\EnrichBundle\PimEnrichBundle
Pim\Bundle\FilterBundle\PimFilterBundle
Pim\Bundle\ImportExportBundle\PimImportExportBundle
Pim\Bundle\InstallerBundle\PimInstallerBundle
Pim\Bundle\LocalizationBundle\PimLocalizationBundle
Pim\Bundle\NavigationBundle\PimNavigationBundle
Pim\Bundle\NotificationBundle\PimNotificationBundle
Pim\Bundle\PdfGeneratorBundle\PimPdfGeneratorBundle
Pim\Bundle\ReferenceDataBundle\PimReferenceDataBundle
Pim\Bundle\UIBundle\PimUIBundle
Pim\Bundle\UserBundle\PimUserBundle
Pim\Bundle\VersioningBundle\PimVersioningBundle
Sensio\Bundle\FrameworkExtraBundle\SensioFrameworkExtraBundle
Symfony\Bundle\AsseticBundle\AsseticBundle
Symfony\Bundle\FrameworkBundle\FrameworkBundle
Symfony\Bundle\MonologBundle\MonologBundle
Symfony\Bundle\SecurityBundle\SecurityBundle
Symfony\Bundle\SwiftmailerBundle\SwiftmailerBundle
Symfony\Bundle\TwigBundle\TwigBundle

ankit-sf commented 6 years ago

@pkraeutli did you resolve this issue?

pkraeutli commented 6 years ago

@ankit-sf no, probably still exists (I am still running the same Akeneo version so I don't know if they fixed it in a later version).

ankit-sf commented 6 years ago

I think the issue is related to https://github.com/FriendsOfSymfony/FOSJsRoutingBundle/issues/280. In my Akeneo 2.3.4 installation, extern.js in jsroutingbundle doesn't contain the changes made by https://github.com/FriendsOfSymfony/FOSJsRoutingBundle/pull/254

http://i.prntscr.com/g3zWUxiIQzaARFw2UHIO2A.png

simonmaass commented 5 years ago

I am having the same issue (CE2.3.17):

Mixed Content: The page at 'https://xxxx.io/#/user/logout' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://xxxx.io/'. This request has been blocked; the content must be served over HTTPS.

Any help on this?

simonmaass commented 5 years ago

I got it to work...

/* In case your app is running behind a reverse-proxy/load-balancer set an environment variable TRUSTED_PROXY_IPS defining IPs or IP ranges as a comma list (example : TRUSTED_PROXY_IPS="10.0.0.0/8") to allow usage of X-Forwarded-* headers */
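
Added example (not part of the thread, and not Akeneo or Symfony code): a small Python model of the decision the setting quoted above controls, showing why an application behind a TLS-terminating proxy generates `http://` URLs until the proxy's address range is trusted, and why the header is ignored from any other peer. The function names, host name and IP addresses are constructed for illustration.

```python
import ipaddress

def parse_trusted_proxies(value):
    """Parse a TRUSTED_PROXY_IPS-style comma list of IPs or CIDR ranges."""
    return [ipaddress.ip_network(item.strip(), strict=False)
            for item in value.split(",") if item.strip()]

def effective_scheme(peer_ip, headers, transport_scheme, trusted):
    """Scheme to use for generated URLs (hypothetical helper).

    X-Forwarded-Proto is honoured only when the directly connected peer is
    a trusted proxy; from any other peer it is client-controlled input.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in trusted):
        return transport_scheme
    # Simplification: take the first value if several proxies appended theirs.
    proto = headers.get("X-Forwarded-Proto", "").split(",")[0].strip().lower()
    return proto if proto in ("http", "https") else transport_scheme

def base_url(host, peer_ip, headers, transport_scheme, trusted):
    """Absolute base URL the application would hand to the browser."""
    return f"{effective_scheme(peer_ip, headers, transport_scheme, trusted)}://{host}/"

# Constructed sample: TLS ends at a load balancer (10.1.2.3), which forwards
# plain HTTP to the application and adds X-Forwarded-Proto.
HOST = "pim.example.test"
VIA_PROXY = {"X-Forwarded-Proto": "https"}

def demo():
    trusted = parse_trusted_proxies("10.0.0.0/8")
    return {
        # No trusted proxies configured: header ignored, http:// URL generated,
        # which an HTTPS page then blocks as mixed content.
        "unconfigured": base_url(HOST, "10.1.2.3", VIA_PROXY, "http", []),
        # Proxy range trusted: the forwarded scheme is used.
        "configured": base_url(HOST, "10.1.2.3", VIA_PROXY, "http", trusted),
        # Direct client outside the range sending the header itself: ignored.
        "spoofed": base_url(HOST, "203.0.113.7", VIA_PROXY, "http", trusted),
    }

if __name__ == "__main__":
    for case, url in demo().items():
        print(f"{case}: {url}")
```

Keeping the trusted list limited to the proxy's own addresses is what prevents an arbitrary client from choosing the scheme the application believes it is served over.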