Mixed Content: Using SSL

11 views
Skip to first unread message

John Lirac

unread,
Oct 14, 2022, 6:18:57 AM10/14/22
to Fusio
Was able to add ssl into it running via nginx. I am able to load the fusio login page but unable to login. Chrome error says:

Mixed Content: The page at 'https://site.com/apps/fusio/login' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://site.com/index.php/authorization/token'. This request has been blocked; the content must be served over HTTPS.

I had a workaround by editing the apps/fusio/index.html by adding <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">

I thought this resolves the issue however, I had to eddit other apps' index file and add the line. Do we have an easier workaround? or am I missing something in the etc/nginx/sites-available/fusio file settings? thanks

Christoph Kappestein

unread,
Oct 14, 2022, 2:19:16 PM10/14/22
to Fusio
Hi,

this sounds like your FUSIO_URL at the env files was not configured using https, but you can also adjust the url directly at the index.html file, simply update the FUSIO_URL variable using https then the app should also make https requests.
If everything is on https you also dont need to add any workaround.

best regards
Christoph

John Lirac

unread,
Oct 17, 2022, 1:10:26 AM10/17/22
to Fusio
This works. Thanks mate.
Reply all
Reply to author
Forward
0 new messages