Servoy 7.4.x
Have a client concerned at Browser “Content Blocked” warnings when using Print Preview - also appears when using the Forum see screenshot.
Solution is using https and shows as secure but people are understandably reluctant to click on the “Load unsafe Scripts” option.
Could not find anything previously on the Forum and welcome suggestions on how others are handling this.
Thanks
Hi Graham,
your customer is getting these warnings, because at that point a page is loaded with scripts that, most likely, use unsafe http connections.
The main page might be secured with a certificate, but scripts could load content over unsafe http connection.
In order to find the source of these messages: open the inspector in Chrome, navigate to the ‘Network’ tab and then see which resources are (trying to be) loaded over http. (They probably appear in red)
This problem might even be some script outside of your application as it can be a Chrome extension that injects a script in each page, which then is trying to load other resources over http.
Try the inspector and you’ll find out very soon
Hope this helps
Thanks Marc - great advice from you as always
Mixed Content: The page at ‘https://xxxx.worxinfo.com/servoy-webclient/application/s/sdlt.3.1’ was loaded over HTTPS, but requested an insecure resource ‘http://xxxx.worxinfo.com/servoy-webclient/resources/servoy/resources’. This request has been blocked; the content must be served over HTTPS.
However, I’m not sure how to resolve this as the offending function is simply to [Print Preview] - all code & forms are on the Servoy Server - but there is a “http://…/servoy-webclient/resources/servoy/resources” call that I presume is made internally by Servoy?
Does anyone know how to change the ‘http://…’ call to 'https://…"?
Thanks
Graham
Hello Graham,
Were you able to solve this issue?
A common thread seems to be that there’s usually a proxy involved. Maybe a transparent one.
Regards,
Richard.
Hi Richard
Short answer - No.
The offending ‘http’ calls are generated by Servoy so no control over them. I reverted to generating the PDF’s and saving in a docs table with button for Users to download. A few extra clicks but not really a big deal.
Graham
Dd you file a bug report?
Because I think that is bug in Servoy!
the server is behind a proxy?
so the https (tls/ssl) is handled by something else?
Then servoy doesnt directly know what it should do if we need to generate a full url. The proxy has to set certain stuff like X-Forwarded-Scheme or Forwarded where the scheme is a part of.
That we we know that we need to generate a https url instead of http.
Hi Johan
It’s a WebClient-only system on one of Harjo’s Servers - he is better placed than me to describe how the setup might interact with Servoy.
Given the move of all Browsers towards requiring https would it be better if Servoy now defaulted to this? I would not have thought there were many circumstances that required a non-secure connection.
we can’t default to this
the proxy/firewall before a servoy tomcat must give this information to us.
But besides that we also have a setting on the admin page “servoy.X-Forwarded-Proto” that can set this info
But besides that we also have a setting on the admin page “servoy.X-Forwarded-Proto” that can set this info
Maybe I need another coffee - but can’t see this on Admin or Network Settings. Is this to keep it out of the hands of people who might be dangerous using it
no because you are on a very old version of Servoy…
