Welcome, Guest
Username: Password: Remember me

TOPIC: [blocked] Javascript content due to scripts not using relative urls?

[blocked] Javascript content due to scripts not using relative urls? 6 months 5 days ago #106418

Hello,

I've moved this to the forums from the bugtracker id 8864

I am running LimeSurvey 2.05+ under Apache2 running behind an nginx reverse proxy. The latest issue that has come up can be seen from the Google Chrome Development Console output:

[blocked] The page at 'my.site.com/limesurvey/index.php/admin/globalsettings' was loaded over HTTPS, but ran insecure content from 'my.site.com/limesurvey/tmp/assets/b0284c...ss/bootstrap.min.css': this content should also be loaded over HTTPS.

Is there a way to tell LimeSurvey to use use protocol relative urls when referencing scripts? e.g. start with "//" instead of "http(s)://" ?

I'm using a common setup where nginx terminates the SSL connection and proxies via port 80 http upstream to apache2/LimeSurvey.

There might be a clue in function application/helpers/common_helper.php: enforceSSLMode()
$bSSLActive = ((!empty($_SERVER 'HTTPS') && $_SERVER 'HTTPS' != "off")||
(isset($_SERVER 'HTTP_FORWARDED_PROTO') && $_SERVER 'HTTP_FORWARDED_PROTO'=="https")||
(isset($_SERVER 'HTTP_X_FORWARDED_PROTO' ) && $_SERVER 'HTTP_X_FORWARDED_PROTO'=="https"));

So possibly I need to set HTTP_X_FORWARDED_PROTO to 'https' ?

nginx rewrites incoming http to http:
server {
server_name *.mysite.com mysite.com;
listen 80;
listen [::]:80 ipv6only=on;
## redirect all incoming http to https ##
rewrite ^ https://$host$request_uri permanent;
}

nginx listens for https on port 443 in the proxy config file:
location @limesurvey {
proxy_pass http://$service;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header X-Forwarded-Host $server_name;
}

I'm using the default setting from config-defaults.php: $config 'force_ssl' = ''

Thanks for any tips!
Last Edit: 6 months 5 days ago by jleimgruber. Reason: braces gobbling text
The administrator has disabled public write access.

[blocked] Javascript content due to scripts not using relative urls? 6 months 5 days ago #106419

SOLVED!

It works if I set this in the nginx config:

proxy_set_header X-Forwarded-Proto https;
The administrator has disabled public write access.
Moderators: ITEd
Time to create page: 0.090 seconds
Donation Image