Allow a Rest Plugin to use HTTPS

Our version of confluence has recently been switched to https.

I have been developing a confluence rest plugin however now whenever it gets requests I get the following error:

Mixed Content: The page at '*' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint '*'. This request has been blocked; the content must be served over HTTPS.


How do I serve the plugin over HTTPS.


2 answers

1 accepted

1 vote
Answer accepted

It sounds like your add-on is not using the base url it should be reading from the system config (or, if it is, then the base url in the settings has not been changed to https)

Hi there, 

Do you mean in the Confluence settings?

Currently all of the local users are still using the http version and all of the remote users have switched to https. Would it be worth encouraging everyone to use the https version and to switch the confluence base url in the settings as specified on Step 4.



Hi there,

I think I may have accidentally deleted my initial response.

Currently the confluence base url is still set to http and people working locally are just using the http version but the https version is available. 

Should I change it as specified on step 4 here. Could the issue be that when I am on the the https version it still thinks that the base url of the add-on can be accessed via http ?



Your mix of http and https is definitely going to be causing some or all of this problem.

You need to use Confluence on one single base url.  If your REST call is calling out to https://something but your base url is http://something, then it's not going to work because they're not using the same locations.

Pick one base url and move all usages over to it.  I'd recommend the https one of course.

Thank you!

Can I also ask,

Would it be fine for the the rest api to then make http calls (not https) inside the the add-on. ?

So the rest resource is called via https but the actual java code inside it makes http calls somewhere. 

Hopefully this makes sense.


If those calls don't rely on the https base url, or are coded to say "oh, that's https, I should take that apart and rebuild it as http", then yes.

Wonderful, thank you so much!!

Gah, I hit "enter" too quickly.

That comment only applies when the REST resource being hit is the Confluence one where Confluence has a base url that's https.  You can use several ways to get to Confluence if it's been set up to listen in many ways, but internally, it thinks it is only working over one single route.

If your code is calling out to other systems, then the urls in use are entirely down to them, they don't care about Confluence's base url.

So hopefully I can change the Confluence base url so it serves everything over https.

Then it should serve rest resource over https, and internally the rest resource can call whatever it pleases?

Which API or library do you use in the plugin?

The intention of the plugin is to route calls to a node api and then return the responses back to the client.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Mar 12, 2019 in Confluence

Confluence Admin Certification now $150 for Community Members

More and more people are building their careers with Atlassian, and we want you to be at the front of this wave! Important Dates Start the Certification Prep Course by 2 April 2019 Take your e...

1,644 views 4 13
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you