[ajcosta]

Hi everyone,

I need some urgent help as I am getting an error since our domain was changed from http to https.
So if try to open the Designer via the https:// url, I get the error below. If I try directly via the IP address, it works.

Mixed Content: The page at 'https://my.domain/sysworkspace/en/class ... esses/main' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://my.domain/api/1.0/nmc/'. This request has been blocked; the content must be served over HTTPS.

All is working well except when an api call is done internaly by Processmaker.

Processmaker ver: 3.1.3 ce
Centos 7.3
Apache: 2.4.6
PHP: 5.6.30

Thank you

AJ

[amosbatto]

Do you have trigger code which calls REST endpoints at http://my.domain/api/1.0/nmc/. If so, you need to change it to https://my.domain/api/1.0/nmc/ (notice the https part)

You may need to reregister your REST application to use https://my.domain instead of http://my.domain.

If you don't have a REST application, then ignore what I just told you.

Is your installation of PM located at: https://my.domain/sysnmc/... (using the "nmc" workspace) ?

[ajcosta]

Hello amosbatto,

Yes it is "nmc".

After some searching I came up with a solution that works well for me. I found a previous answer of yours regarding SSL Offloading, and that got me to this workarround by editing the file gulliver/system/class.g.php

Code: Select all

    public static function is_https()
    {
      /*  if (isset($_SERVER['HTTPS'])) {
            if ($_SERVER['HTTPS']=='on') {
                return true;
            } else {
                return false;
            }
        } else {
            return false;
        }  */

        if(!empty($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
           return $_SERVER['HTTP_X_FORWARDED_PROTO'];
        } else {
           return false; 
        }
    }

With this code I can access the system via HTTPS or HTTP and it seems to works well so far.

Thank you

Antonio

[amosbatto]

Nice find. Are you using a proxy server?

Here is how I propose changing the function:

Code: Select all

    public static function is_https()
    {
        if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) and !empty($_SERVER['HTTP_X_FORWARDED_PROTO'])) 
        {
            if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
                return true;
            else
                return false;
        }
        elseif (isset($_SERVER['HTTPS'])) {
            if ($_SERVER['HTTPS']=='on') {
                return true;
            } else {
                return false;
            }
        } else {
            return false;
        }  
    }

Can you test this code to see if it works correctly on your server?

[amosbatto]

I have filed an internal bug report about this at: https://processmaker.atlassian.net/browse/TRI-2604

[ajcosta]

We started having his problem when we started using SSL, doing SSL Offload via an external firewall to the server.

I've tested the code you suggested and it works correctly on my server!

Thank you Amos,

António