Coming soon: Your brand new Help Center & Community! Get a sneak-peek here

Load unsecure script message in CS with https

Hi

After switching from http to https on a CS site we get a message (Only in Chrome) saying that the page is trying to load an unsecure script.

The IIS site is running inside the domain with http binding and is exposed externally with a Netscaler (Citrix proxy) solution.

It seems its the screen chooser that creates the message.

setVariable("url", getProgram(1) + "?action=doScreenDefinition&idString=ej_editTicket_productline&entryId=" + entryId + "&actionType=2");

The message only appears when you have a preview in for instance your own tickets, or if you opens the ticket for editing/reply in the same tab.

In Explorer and Edge there are no problem with this.

Is there anyway the set the URL in some other way in the screen chooser so i could hardcode the https address? (The domain is fixed) I have changed the internal and external URL in the config table, but that does not change anything.

RE: Load unsecure script message in CS with https

Hi Ingar, does this mean that NetScaler handles all the HTTPS offloading, and that Service has not been configured to use HTTPS? So IIS is not set up using an HTTPS certificate, and reg_id 186 is not set?

If so, then NetScaler is supposed to handle this scenario as well. There shouldn't be any difference even if this piece of HTML is created in a screenchooser.

Have you found the exact URL Chrome is complaing about? It should be listed in the Console tab if you use F12 in Chrome.

As a sidenote, it is probably preferred to use 

getProgramTicket()

instead of the older

getProgram(1)
Av: Frode Lillerud 23. apr 2017

RE: Load unsecure script message in CS with https

And, yes, it is possible to hardcode the URL (although not recommended).

String url = "https://service.example.com/scripts/ticket.fcgi?action=doScreenDefinition...";
setVariable("url", url);
Av: Frode Lillerud 23. apr 2017

RE: Load unsecure script message in CS with https

Hi Frode,

and thanks for the reply. Yes as you assumed, the IIS with CS is installed inside the domain with only http.

Netscaler is handling all the https to http traffic.

I'll have to take a closer look at this with the ASP provider.

I thought maybe the screen chooser script was executed on the client computer, and that it only knows that CS is installed vith http on the IIS.

Do you know where the URL variable get its value from? I thought maybe it used the URL value from the config table, but the problem remains no matter if this is http or https.

 

Av: Ingar Karlsen 24. apr 2017

RE: Load unsecure script message in CS with https

Hi, Ingar

The screenschooser is executed on the server, and shouldn't cause these errors.

The getProgram* functions get the base URL from the Internal URL under System-settings, I assume.

I suspect this is caused by something else. Use F12 in Chrome to find the URL it is complaining about. It could be something like the URL to a picture in the signature, or something like that instead.

Av: Frode Lillerud 24. apr 2017

RE: Load unsecure script message in CS with https

This is the message:

Mixed Content: The page at 'https://cs.domene.no/scripts/ticket.fcgi?_sf=0&action=listTickets&special=5' was loaded over HTTPS, but requested an insecure resource 'http://cs.domene.no/scripts/ticket.fcgi?_sf=5&action=doScreenDefinition&idString=ej_viewTicket_80&entryId=83359'. This request has been blocked; the content must be served over HTTPS.

Av: Ingar Karlsen 24. apr 2017

RE: Load unsecure script message in CS with https

The internal URL in config table is allready https, so it doesn't seem the get it from there.

Av: Ingar Karlsen 24. apr 2017

RE: Load unsecure script message in CS with https

Try setting the value of reg_id 186 to 1 to force HTTPS, to see if that makes a difference.

Av: Frode Lillerud 24. apr 2017

RE: Load unsecure script message in CS with https

We decided to change the IIS website to htpps also, before I could try this.

When we did that, the issue was solved.

But I could be interesting to know how the URL variable is made up.

Maybe someone in SuperOffice knows?

But thanks for all suggestions Frode (as always...)

Av: Ingar Karlsen 25. apr 2017