Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Allow a Rest Plugin to use HTTPS

Stefan Hall
Stefan Hall November 9, 2017

Our version of confluence has recently been switched to https.

I have been developing a confluence rest plugin however now whenever it gets requests I get the following error:

Mixed Content: The page at '*' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint '*'. This request has been blocked; the content must be served over HTTPS.

 

How do I serve the plugin over HTTPS.

Cheers

Answer
Watch
Like Be the first to like this
2448 views

2 answers

1 accepted

1 vote
Answer accepted
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
November 10, 2017

It sounds like your add-on is not using the base url it should be reading from the system config (or, if it is, then the base url in the settings has not been changed to https)

View More Comments
Stefan Hall
Stefan Hall November 12, 2017

Hi there, 

Do you mean in the Confluence settings?

Currently all of the local users are still using the http version and all of the remote users have switched to https. Would it be worth encouraging everyone to use the https version and to switch the confluence base url in the settings as specified on Step 4.

Cheers,

Stefan

Like
Stefan Hall
Stefan Hall November 12, 2017

Hi there,

I think I may have accidentally deleted my initial response.

Currently the confluence base url is still set to http and people working locally are just using the http version but the https version is available. 

Should I change it as specified on step 4 here. Could the issue be that when I am on the the https version it still thinks that the base url of the add-on can be accessed via http ?

Cheers,

Stefan

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
November 12, 2017

Your mix of http and https is definitely going to be causing some or all of this problem.

You need to use Confluence on one single base url.  If your REST call is calling out to https://something but your base url is http://something, then it's not going to work because they're not using the same locations.

Pick one base url and move all usages over to it.  I'd recommend the https one of course.

Like
Stefan Hall
Stefan Hall November 12, 2017

Thank you!

Can I also ask,

Would it be fine for the the rest api to then make http calls (not https) inside the the add-on. ?

So the rest resource is called via https but the actual java code inside it makes http calls somewhere. 

Hopefully this makes sense.

Thanks!

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
November 12, 2017

If those calls don't rely on the https base url, or are coded to say "oh, that's https, I should take that apart and rebuild it as http", then yes.

Like
Stefan Hall
Stefan Hall November 12, 2017

Wonderful, thank you so much!!

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
November 12, 2017

Gah, I hit "enter" too quickly.

That comment only applies when the REST resource being hit is the Confluence one where Confluence has a base url that's https.  You can use several ways to get to Confluence if it's been set up to listen in many ways, but internally, it thinks it is only working over one single route.

If your code is calling out to other systems, then the urls in use are entirely down to them, they don't care about Confluence's base url.

Like
Stefan Hall
Stefan Hall November 12, 2017

So hopefully I can change the Confluence base url so it serves everything over https.

Then it should serve rest resource over https, and internally the rest resource can call whatever it pleases?

Like
Reply
0 votes
Domenico Manzo _Actonic_
Domenico Manzo _Actonic_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 10, 2017

Which API or library do you use in the plugin?

View More Comments
Stefan Hall
Stefan Hall November 12, 2017

The intention of the plugin is to route calls to a node api and then return the responses back to the client.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events