maxpozdeev / mytinytodo

Todo list script

blocked request for js and css when using https and reverse proxy #35

Closed matthiasschaub closed 1 year ago

matthiasschaub commented 2 years ago

First thanks for this tiny todo service. It is exactly what I am looking for! :)

I run mytinytodo in a Docker container behind a reverse proxy (haproxy). haproxy automatically redirects all incoming connections to https:

frontend main
    bind *:80
    # reqadd X-Forwarded-Proto:\ http
    http-request add-header X-Forwarded-Proto http
    http-request add-header X-Forwarded-For http
    default_backend www-backend

frontend www-https
    bind ...:443 ssl crt /etc/haproxy/certs/...pem
    # reqadd X-Forwarded-Proto:\ https
    http-request add-header X-Forwarded-Proto https
    http-request add-header X-Forwarded-For https

backend www-backend
   # Redirect with code 301 so the browser understands it is a redirect. If it's not SSL_FC.
   # ssl_fc: Returns true when the front connection was made via an SSL/TLS transport
   # layer and is locally deciphered. This means it has matched a socket declared
   # with a "bind" line having the "ssl" option.
   redirect scheme https code 301 if !{ ssl_fc }
   server www 127.0.0.1:80 check

When I now open mytinytodo with Chromium, the JavaScript and CSS files are requested by mytinytodo using HTTP, not HTTPS, and Chromium blocks those requests. See this screenshot:

[screenshot]

I am not sure where to look for a solution to this. Should this be a change in the code or do I need to change something on the deployment side?

I would be happy about any help!

maxpozdeev commented 2 years ago

Seems the script failed to detect the https protocol; it does not check any X-Forwarded-xx headers. As a quick workaround, try to set the URL with https to be used by the script internally. In db/config.php, set the full path to the mytinytodo folder with a slash at the end, like this:

$config['mtt_url'] = 'https://todo.tld/';

or

$config['mtt_url'] = 'https://todo.domain.tld/mytinytodo/';

matthiasschaub commented 2 years ago

@maxpozdeev thanks for the quick response. Changing $config['mtt_url'] = 'https://todo.tld/'; to the root URL resolved the issue.
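
The thread turns on the script not reading X-Forwarded-Proto behind a TLS-terminating proxy. As an added example (not mytinytodo's code and not part of the original thread), here is one way a PHP application can derive the request scheme while honouring that header only from a known proxy address. The function name `detect_scheme`, the trusted-proxy list and the sample `$_SERVER` arrays are assumptions constructed for illustration.

```php
<?php
// Added example, not mytinytodo code. detect_scheme() and the proxy list are hypothetical.

/**
 * Return 'https' or 'http' for a request.
 * $server is normally $_SERVER; $trustedProxies lists the peer addresses
 * that are allowed to assert the scheme via X-Forwarded-Proto.
 */
function detect_scheme(array $server, array $trustedProxies): string
{
    // TLS terminated by the web server PHP runs under: no proxy header needed.
    $https = strtolower((string)($server['HTTPS'] ?? ''));
    if ($https !== '' && $https !== 'off') {
        return 'https';
    }

    // Ignore the header unless the TCP peer is a proxy we operate;
    // any client can send X-Forwarded-Proto itself.
    $peer = (string)($server['REMOTE_ADDR'] ?? '');
    if (!in_array($peer, $trustedProxies, true)) {
        return 'http';
    }

    $raw = (string)($server['HTTP_X_FORWARDED_PROTO'] ?? '');
    if ($raw === '') {
        return 'http';
    }

    // haproxy's "add-header" appends to whatever the client sent, so several
    // values may arrive joined by commas. The last one is the proxy's own.
    $parts = array_map('trim', explode(',', $raw));
    $last  = strtolower((string)end($parts));

    return $last === 'https' ? 'https' : 'http';
}

// Constructed sample requests (assumption: haproxy reaches the backend from 127.0.0.1).
$trusted = ['127.0.0.1'];
$samples = [
    'via proxy, https'       => ['REMOTE_ADDR' => '127.0.0.1', 'HTTP_X_FORWARDED_PROTO' => 'https'],
    'client value + proxy'   => ['REMOTE_ADDR' => '127.0.0.1', 'HTTP_X_FORWARDED_PROTO' => 'https, http'],
    'untrusted peer, forged' => ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_PROTO' => 'https'],
];
foreach ($samples as $label => $server) {
    printf("%-24s => %s\n", $label, detect_scheme($server, $trusted));
}
```

On the proxy side, haproxy's `http-request set-header` replaces any client-supplied value, whereas `add-header` (used in the configuration above) appends to it.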