jpsim / AWSPics

An AWS CloudFormation stack to run a serverless password-protected photo gallery
https://awspics.net
MIT License
219 stars 60 forks source link

Mixed content - HTTPS to HTTP request #24

Open liwani opened 5 years ago

liwani commented 5 years ago

Hi,

Thank you for a very useful guide and this repo. I was able to deploy the project in AWS but when I try logging in I get Incorrect Username or Password message. When I Inspect the source these are the messages I'm getting: Mixed Content: The page at 'https://.cloudfront.net/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://.cloudfront.net/Prod/login'. This content should also be served over HTTPS. and Access to XMLHttpRequest at 'https:///Prod/login' from origin 'https://.cloudfront.net' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.

The project is deployed in us-east-1, I followed instructions on https://www.jpsim.com/awspics/, deployed with SSL cert ARN provided via config.json and with the value for this parameter being empty. In both cases the result is the same. I validated user and password with htpasswd -v command.

I wanted to check if this is a known issue with known quick fix or something I'd need to dig into the code to solve?

Thanks!

jpsim commented 5 years ago

I didn't run into this, sorry.