Developer forum

Forum » CMS - Standard features » CORS Error with DW calls on HTTPS website

CORS Error with DW calls on HTTPS website

E-mail notifications
Snaevar Petursson
Snaevar Petursson
Reply
Posted on 04/01/2018 15:39:04

Hello forum!

I ran into a problem with a CORS due to Client <--> Netscaler being on HTTPS but Netscaler <--> DW backend being on HTTP.

For example when I try to fetch news in the admin frontpage I get this console error:
"Mixed Content: The page at 'https://www.mysite.is/Admin/Default' was loaded over HTTPS, but requested an insecure script 'http://dynamicweb.com/dashboard-news?callback=jQuery21106735912478403767_1515070089226&Name=&format=json&_=1515070089227'. This request has been blocked; the content must be served over HTTPS."

This is also happening when I try to post the CreateProfile form for the websites newsletter:
"Mixed Content: The page at 'https://www.mysite.is/Default.aspx?ID=1&Purge=True' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://www.mysite.is/Default.aspx?ID=1&CreatedProfile=True'. This request has been blocked; the content must be served over HTTPS."

Since these HTTP redirects are being requested by the server I am not sure how I should go about changing this.


Any suggestions/ideas are well appreciated.

Best regards
Snævar


Replies

 
Nicolai Pedersen
Posted on 04/01/2018 16:12:19
Reply

Hi Snaevar

The first one is one you can fix by changing the dashboard in Dynamicweb to load news from our site using https instead of http. See dump 1+2.

The second one comes from the implementation it self. So somewhere in your template/js frontend, you have something that seems to create and save a profile using AJAX-ish approach. You would need to find that place and include the https in that request.

BR Nicolai

Capture.PNG Capture1.PNG
 
Snaevar Petursson
Snaevar Petursson
Posted on 04/01/2018 18:09:56
Reply

I thought the DW backend was forcing the /Default.aspx?ID=1&CreatedProfile=True redirect with a HTTP header in Dynamicweb.UserManagement.Frontend
in line 1740: Context.Current.Response.Redirect(LinkHelper.GetUrlWithPort(string.Format("Default.aspx?ID={0}&CreatedProfile=True", PageView.Current().ID), flag3));. 
Since it happens after I do my AJAX call and the Initiator of the call is "Other". 
Or am I completely off track?

Kind regards
Snævar

 
Lars Sørensen Dynamicweb Employee
Lars Sørensen
Posted on 23/01/2018 09:07:59
Reply

Hi Snærvar,

If you look at the LinkHelper.GetUrlWithPort, you'll see that it uses the current http scheme to build the URL, and if the SSL certificate is terminated on the load balancer, the scheme in DW will be http. If you can move the SSL termination to the IIS nodes instead, this should fix if, and in some cases it may even improve response times.

BR.
Lars

 

You must be logged in to post in the forum