[blocked] Javascript content due to scripts not using relative urls?

3 years 1 week ago - 3 years 1 week ago #106418 by jleimgruber

I've moved this to the forums from the Bugtracker id 8864

I am running LimeSurvey 2.05+ under Apache2 running behind an nginx reverse proxy. The latest issue that has come up can be seen from the Google Chrome Development Console output:

[blocked] The page at ' my.site.com/limesurvey/index.php/admin/globalsettings ' was loaded over HTTPS, but ran insecure content from ' my.site.com/limesurvey/tmp/assets/b0284c...ss/bootstrap.min.css ': this content should also be loaded over HTTPS.

Is there a way to tell LimeSurvey to use use protocol relative urls when referencing scripts? e.g. start with "//" instead of "http(s)://" ?

I'm using a common setup where nginx terminates the SSL connection and proxies via port 80 http upstream to apache2/LimeSurvey.

There might be a clue in function application/helpers/common_helper.php: enforceSSLMode()
$bSSLActive = ((!empty($_SERVER 'HTTPS') && $_SERVER 'HTTPS' != "off")||

So possibly I need to set HTTP_X_FORWARDED_PROTO to 'https' ?

nginx rewrites incoming http to http:
server {
server_name *.mysite.com mysite.com;
listen 80;
listen [::]:80 ipv6only=on;
## redirect all incoming http to https ##
rewrite ^ https://$host$request_uri permanent;

nginx listens for https on port 443 in the proxy config file:
location @limesurvey {
proxy_pass http://$service;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header X-Forwarded-Host $server_name;

I'm using the default setting from config-defaults.php: $config 'force_ssl' = ''

Thanks for any tips!
Last Edit: 3 years 1 week ago by jleimgruber. Reason: braces gobbling text

Please Log in to join the conversation.

3 years 1 week ago #106419 by jleimgruber

It works if I set this in the nginx config:

proxy_set_header X-Forwarded-Proto https;

Please Log in to join the conversation.