CAUTION: This e-mail originated outside the University of Southampton.

CAUTION: This e-mail originated outside the University of Southampton.

Internal

 

Hi David

 

We went ahead and added the  ($c->{http_url} = "$uri"; and $c->{http_cgiurl} = "$uri/cgi";) settings in the 20_baseurls.pl file but are still receiving the error when clicking on “choose file” to upload a file.

 

Mixed Content: The page at 'https://eprints.kfupm.edu.sa/cgi/users/home?screen=EPrint::Edit&eprintid=142529&stage=files#t' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://eprints.kfupm.edu.sa/cgi/users/home?csrf_token=1696235789%3A7760c7306de2042b1ca48603739ac69f&screen=EPrint%3A%3AEdit&eprintid=142529&stage=files&c2_Screen%3A%3AEPrint%3A%3AUploadMethod%3A%3AURL_url=&component=c3&c3_export=119120'. This request has been blocked; the content must be served over HTTPS.

 

Please note that the issue is with redirecting from https https://eprints.kfupm.edu.sa/cgi/users/home?screen=EPrint::Edit ... “ to “'http://eprints.kfupm.edu.sa/cgi/users/home?csrf_token= ...

Which file does this redirection? Maybe we can check the file for any http settings and modify to https.

 

Thanks,

Maher

 

 

 

 

From: eprints-tech-request@ecs.soton.ac.uk <eprints-tech-request@ecs.soton.ac.uk> On Behalf Of Maher Abdellatif Ahmad Qahwash
Sent: Monday, October 2, 2023 8:51 AM
To: David R Newman <drn@ecs.soton.ac.uk>; eprints-tech@ecs.soton.ac.uk
Subject: RE: [EP-tech] Mixed Content

 

CAUTION: This e-mail originated outside the University of Southampton. CAUTION: This e-mail originated outside the University of Southampton. Internal Hi David Thank you for your continuous support. The below settings are already set in the

ZjQcmQRYFpfptBannerStart

Warning: This email has been sent from outside KFUPM. Do not open links or attachments unless you are sure they are safe.

ZjQcmQRYFpfptBannerEnd

CAUTION: This e-mail originated outside the University of Southampton.

CAUTION: This e-mail originated outside the University of Southampton.

Internal

 

Hi David

 

Thank you for your continuous support.

 

The below settings are already set in the 20_baseurls.pl,

my $uri = URI->new( "http://" );
        if( EPrints::Utils::is_set( $c->{securehost} ) )
        {
                $uri->scheme( "https" );
                $uri->host( $c->{securehost} );
                $uri->port( $c->{secureport} );
                $uri = $uri->canonical;
                $uri->path( $c->{https_root} );
        }
        else
        {
                $uri->scheme( "http" );
                $uri->host( $c->{host} );
                $uri->port( $c->{port} );
                $uri = $uri->canonical;
                $uri->path( $c->{http_root} );
        }

As for the ($c->{http_url} = "$uri"; and $c->{http_cgiurl} = "$uri/cgi";) settings,  we already have them set in the 10_core.pl file as follows:

$c->{http_url} = 'https://eprints.kfupm.edu.sa';

$c->{http_cgiroot} = 'https://eprints.kfupm.edu.sa/cgi';

$c->{http_cgiurl} = 'https://eprints.kfupm.edu.sa/cgi';

$c->{base_url} = "https://$c->{host}";

 

Do we still need to add the ($c->{http_url} = "$uri"; and $c->{http_cgiurl} = "$uri/cgi";) in the 20_baseurls.pl file?

If not, then are there any other files we need to change to resolve the error we are facing when uploading a file?

 

Thanks

Maher

 

 

 

 

From: David R Newman <drn@ecs.soton.ac.uk>
Sent: Sunday, October 1, 2023 10:43 PM
To: eprints-tech@ecs.soton.ac.uk; Maher Abdellatif Ahmad Qahwash <qahwash@kfupm.edu.sa>
Subject: Re: [EP-tech] Mixed Content

 

Hi Maher, What you want to do (as you are running pre 3. 4. 1) you will need to change the default scheme and then manually set the HTTP URLs settings in lib/cfg. d/20_baseurls. pl. So first make sure the block of code that sets the default scheme

ZjQcmQRYFpfptBannerStart

Warning: This email has been sent from outside KFUPM. Do not open links or attachments unless you are sure they are safe.

ZjQcmQRYFpfptBannerEnd

Hi Maher,

What you want to do (as you are running pre 3.4.1)  you will need to change the default scheme and then manually set the HTTP URLs settings in lib/cfg.d/20_baseurls.pl.   So first make sure the block of code that sets the default scheme looks like this (and defaults to HTTPS):

        my $uri = URI->new( "http://" );
        if( EPrints::Utils::is_set( $c->{securehost} ) )
        {
                $uri->scheme( "https" );
                $uri->host( $c->{securehost} );
                $uri->port( $c->{secureport} );
                $uri = $uri->canonical;
                $uri->path( $c->{https_root} );
        }
        else
        {
                $uri->scheme( "http" );
                $uri->host( $c->{host} );
                $uri->port( $c->{port} );
                $uri = $uri->canonical;
                $uri->path( $c->{http_root} );
        }

Then below this and after the settings for base_url and perl_url add:

$c->{http_url} = "$uri";
$c->{http_cgiurl} = "$uri/cgi";

Once you are done run "epadmin test".  Then reload the webserver.  Also to make sure caches are clear be sure to run "epadmin refresh_views", "epadmin refresh_abstracts" and "generate_static" before testing pages to make sure mixed content warnings have been fixed.  EPrints 3.4.1 (official release) has fixed many of the mixed content warnings if you had the correct config.  However, it was not until later versions where some outstanding issues were fixed and the need to manually set http_url and http_cgiurl was no longer needed.

Regards

David Newman

On 01/10/2023 2:37 pm, Maher Abdellatif Ahmad Qahwash wrote:

CAUTION: This e-mail originated outside the University of Southampton.

CAUTION: This e-mail originated outside the University of Southampton.

Internal

 

Hi

 

We are running eprints 3.4.1 rc2, only recently for some reason users are facing issues when uploading a file.  The following error is generated:

 

/cgi/users/home?screen=EPrint::Edit&eprintid=142511&stage=files#t:1 Mixed Content: The page at 'https://eprints.kfupm.edu.sa/cgi/users/home?screen=EPrint::Edit&eprintid=142511&stage=files#t' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://eprints.kfupm.edu.sa/cgi/users/home?csrf_token=1696158508%3A255c5c0055815c8209be816b4315cacf&screen=EPrint%3A%3AEdit&eprintid=142511&stage=files&c2_Screen%3A%3AEPrint%3A%3AUploadMethod%3A%3AURL_url=&component=c3&c3_export=119081'. This request has been blocked; the content must be served over HTTPS.

 

Could you please mention which file we should check.

 

Thanks,

Maher

 

This message is marked for Internal university use only. Not to be circulated outside KFUPM.

 

*** Options: https://wiki.eprints.org/w/Eprints-tech_Mailing_List

*** Archive: https://www.eprints.org/tech.php/

*** EPrints community wiki: https://wiki.eprints.org/

 

 

This message is marked for Internal university use only. Not to be circulated outside KFUPM.

*** Options: https://wiki.eprints.org/w/Eprints-tech_Mailing_List
*** Archive: https://www.eprints.org/tech.php/
*** EPrints community wiki: https://wiki.eprints.org/