Our version of confluence has recently been switched to https.
I have been developing a confluence rest plugin however now whenever it gets requests I get the following error:
Mixed Content: The page at '*' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint '*'. This request has been blocked; the content must be served over HTTPS.
How do I serve the plugin over HTTPS.
Cheers
It sounds like your add-on is not using the base url it should be reading from the system config (or, if it is, then the base url in the settings has not been changed to https)
Hi there,
Do you mean in the Confluence settings?
Currently all of the local users are still using the http version and all of the remote users have switched to https. Would it be worth encouraging everyone to use the https version and to switch the confluence base url in the settings as specified on Step 4.
Cheers,
Stefan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi there,
I think I may have accidentally deleted my initial response.
Currently the confluence base url is still set to http and people working locally are just using the http version but the https version is available.
Should I change it as specified on step 4 here. Could the issue be that when I am on the the https version it still thinks that the base url of the add-on can be accessed via http ?
Cheers,
Stefan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Your mix of http and https is definitely going to be causing some or all of this problem.
You need to use Confluence on one single base url. If your REST call is calling out to https://something but your base url is http://something, then it's not going to work because they're not using the same locations.
Pick one base url and move all usages over to it. I'd recommend the https one of course.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thank you!
Can I also ask,
Would it be fine for the the rest api to then make http calls (not https) inside the the add-on. ?
So the rest resource is called via https but the actual java code inside it makes http calls somewhere.
Hopefully this makes sense.
Thanks!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
If those calls don't rely on the https base url, or are coded to say "oh, that's https, I should take that apart and rebuild it as http", then yes.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Gah, I hit "enter" too quickly.
That comment only applies when the REST resource being hit is the Confluence one where Confluence has a base url that's https. You can use several ways to get to Confluence if it's been set up to listen in many ways, but internally, it thinks it is only working over one single route.
If your code is calling out to other systems, then the urls in use are entirely down to them, they don't care about Confluence's base url.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
So hopefully I can change the Confluence base url so it serves everything over https.
Then it should serve rest resource over https, and internally the rest resource can call whatever it pleases?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Which API or library do you use in the plugin?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The intention of the plugin is to route calls to a node api and then return the responses back to the client.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.