EPrints Technical Mailing List Archive
See the EPrints wiki for instructions on how to join this mailing list and related information.
Message: #09443
< Previous (by date) | Next (by date) > | < Previous (in thread) | Next (in thread) > | Messages - Most Recent First | Threads - Most Recent First
Re: [EP-tech] Mixed Content
- To: eprints-tech@ecs.soton.ac.uk
- Subject: Re: [EP-tech] Mixed Content
- From: "Agung Prasetyo W." <prazetyo@gmail.com>
- Date: Mon, 2 Oct 2023 21:27:05 +0700
*** Options: https://wiki.eprints.org/w/Eprints-tech_Mailing_ListCAUTION: This e-mail originated outside the University of Southampton.CAUTION: This e-mail originated outside the University of Southampton.Internal
Hi David
We went ahead and added the ($c->{http_url} = "$uri"; and $c->{http_cgiurl} = "$uri/cgi";) settings in the 20_baseurls.pl file but are still receiving the error when clicking on “choose file” to upload a file.
Mixed Content: The page at 'https://eprints.kfupm.edu.sa/cgi/users/home?screen=EPrint::Edit&eprintid=142529&stage=files#t' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://eprints.kfupm.edu.sa/cgi/users/home?csrf_token=1696235789%3A7760c7306de2042b1ca48603739ac69f&screen=EPrint%3A%3AEdit&eprintid=142529&stage=files&c2_Screen%3A%3AEPrint%3A%3AUploadMethod%3A%3AURL_url=&component=c3&c3_export=119120'. This request has been blocked; the content must be served over HTTPS.
Please note that the issue is with redirecting from https https://eprints.kfupm.edu.sa/cgi/users/home?screen=EPrint::Edit ... “ to “'http://eprints.kfupm.edu.sa/cgi/users/home?csrf_token= ...
Which file does this redirection? Maybe we can check the file for any http settings and modify to https.
Thanks,
Maher
From: eprints-tech-request@ecs.soton.ac.uk <eprints-tech-request@ecs.soton.ac.uk> On Behalf Of Maher Abdellatif Ahmad Qahwash
Sent: Monday, October 2, 2023 8:51 AM
To: David R Newman <drn@ecs.soton.ac.uk>; eprints-tech@ecs.soton.ac.uk
Subject: RE: [EP-tech] Mixed Content
CAUTION: This e-mail originated outside the University of Southampton. CAUTION: This e-mail originated outside the University of Southampton. Internal Hi David Thank you for your continuous support. The below settings are already set in the
ZjQcmQRYFpfptBannerStart
Warning: This email has been sent from outside KFUPM. Do not open links or attachments unless you are sure they are safe.
ZjQcmQRYFpfptBannerEnd
CAUTION: This e-mail originated outside the University of Southampton.
CAUTION: This e-mail originated outside the University of Southampton.
Internal
Hi David
Thank you for your continuous support.
The below settings are already set in the 20_baseurls.pl,
my $uri = URI->new( "http://" );
if( EPrints::Utils::is_set( $c->{securehost} ) )
{
$uri->scheme( "https" );
$uri->host( $c->{securehost} );
$uri->port( $c->{secureport} );
$uri = $uri->canonical;
$uri->path( $c->{https_root} );
}
else
{
$uri->scheme( "http" );
$uri->host( $c->{host} );
$uri->port( $c->{port} );
$uri = $uri->canonical;
$uri->path( $c->{http_root} );
}As for the ($c->{http_url} = "$uri"; and $c->{http_cgiurl} = "$uri/cgi";) settings, we already have them set in the 10_core.pl file as follows:
$c->{http_url} = 'https://eprints.kfupm.edu.sa';
$c->{http_cgiroot} = 'https://eprints.kfupm.edu.sa/cgi';
$c->{http_cgiurl} = 'https://eprints.kfupm.edu.sa/cgi';
$c->{base_url} = "https://$c->{host}";
Do we still need to add the ($c->{http_url} = "$uri"; and $c->{http_cgiurl} = "$uri/cgi";) in the 20_baseurls.pl file?
If not, then are there any other files we need to change to resolve the error we are facing when uploading a file?
Thanks
Maher
From: David R Newman <drn@ecs.soton.ac.uk>
Sent: Sunday, October 1, 2023 10:43 PM
To: eprints-tech@ecs.soton.ac.uk; Maher Abdellatif Ahmad Qahwash <qahwash@kfupm.edu.sa>
Subject: Re: [EP-tech] Mixed Content
Hi Maher, What you want to do (as you are running pre 3. 4. 1) you will need to change the default scheme and then manually set the HTTP URLs settings in lib/cfg. d/20_baseurls. pl. So first make sure the block of code that sets the default scheme
ZjQcmQRYFpfptBannerStart
Warning: This email has been sent from outside KFUPM. Do not open links or attachments unless you are sure they are safe.
ZjQcmQRYFpfptBannerEnd
Hi Maher,
What you want to do (as you are running pre 3.4.1) you will need to change the default scheme and then manually set the HTTP URLs settings in lib/cfg.d/20_baseurls.pl. So first make sure the block of code that sets the default scheme looks like this (and defaults to HTTPS):
my $uri = URI->new( "http://" );
if( EPrints::Utils::is_set( $c->{securehost} ) )
{
$uri->scheme( "https" );
$uri->host( $c->{securehost} );
$uri->port( $c->{secureport} );
$uri = $uri->canonical;
$uri->path( $c->{https_root} );
}
else
{
$uri->scheme( "http" );
$uri->host( $c->{host} );
$uri->port( $c->{port} );
$uri = $uri->canonical;
$uri->path( $c->{http_root} );
}
Then below this and after the settings for base_url and perl_url add:
$c->{http_url} = "$uri";
$c->{http_cgiurl} = "$uri/cgi";
Once you are done run "epadmin test". Then reload the webserver. Also to make sure caches are clear be sure to run "epadmin refresh_views", "epadmin refresh_abstracts" and "generate_static" before testing pages to make sure mixed content warnings have been fixed. EPrints 3.4.1 (official release) has fixed many of the mixed content warnings if you had the correct config. However, it was not until later versions where some outstanding issues were fixed and the need to manually set http_url and http_cgiurl was no longer needed.
Regards
David NewmanOn 01/10/2023 2:37 pm, Maher Abdellatif Ahmad Qahwash wrote:
CAUTION: This e-mail originated outside the University of Southampton.
CAUTION: This e-mail originated outside the University of Southampton.
Internal
Hi
We are running eprints 3.4.1 rc2, only recently for some reason users are facing issues when uploading a file. The following error is generated:
/cgi/users/home?screen=EPrint::Edit&eprintid=142511&stage=files#t:1 Mixed Content: The page at 'https://eprints.kfupm.edu.sa/cgi/users/home?screen=EPrint::Edit&eprintid=142511&stage=files#t' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://eprints.kfupm.edu.sa/cgi/users/home?csrf_token=1696158508%3A255c5c0055815c8209be816b4315cacf&screen=EPrint%3A%3AEdit&eprintid=142511&stage=files&c2_Screen%3A%3AEPrint%3A%3AUploadMethod%3A%3AURL_url=&component=c3&c3_export=119081'. This request has been blocked; the content must be served over HTTPS.
Could you please mention which file we should check.
Thanks,
Maher
This message is marked for Internal university use only. Not to be circulated outside KFUPM.
*** Options: https://wiki.eprints.org/w/Eprints-tech_Mailing_List*** Archive: https://www.eprints.org/tech.php/*** EPrints community wiki: https://wiki.eprints.org/
This message is marked for Internal university use only. Not to be circulated outside KFUPM.
*** Archive: https://www.eprints.org/tech.php/
*** EPrints community wiki: https://wiki.eprints.org/
- Follow-Ups:
- Re: [EP-tech] Mixed Content
- From: David R Newman <drn@ecs.soton.ac.uk>
- Re: [EP-tech] Mixed Content
- References:
- [EP-tech] Mixed Content
- From: Maher Abdellatif Ahmad Qahwash <qahwash@kfupm.edu.sa>
- Re: [EP-tech] Mixed Content
- From: David R Newman <drn@ecs.soton.ac.uk>
- RE: [EP-tech] Mixed Content
- From: Maher Abdellatif Ahmad Qahwash <qahwash@kfupm.edu.sa>
- RE: [EP-tech] Mixed Content
- From: Maher Abdellatif Ahmad Qahwash <qahwash@kfupm.edu.sa>
- [EP-tech] Mixed Content
- Prev by Date: RE: [EP-tech] Mixed Content
- Next by Date: Re: [EP-tech] Mixed Content
- Previous by thread: RE: [EP-tech] Mixed Content
- Next by thread: Re: [EP-tech] Mixed Content
- Index(es):