[solved]JavaScript not over HTTPS - insecure content

jschiller

Joined: 2013-10-19
Posts: 5
Posted: Wed, 2014-04-09 07:38

Running Gallery2 over HTTPS, but the JavaScript is being flagged as insecure content and blocked by Chrome.

This means JavaScript based functionality is missing, for example you cannot install/uninstall/delete/configure plugins, nor will the Album Select Block work in the side bar.

I can of course click the "load unsafe script" and everything functions... but is there a way to force the script to use HTTPS if the site is accessed over https?

I searched and only found stuff about redirection of HTTP->HTTPS to make the login safe, and about securing the images. Apologies if this is covered in another thread.

To reproduce this problem I access my gallery2 site over HTTPS on chrome/OSX. Screen shot attached showing the security warning (the Shield which when clicked reads "This page includes script from unauthenticated sources. [Load unsafe script]").

I have also included the developer tools window (View > Developer > Developer Tools) which states:

X [blocked] The page at 'https://www.schiller.net/gallery2/main.php' was loaded over HTTPS, but ran insecure content from 'http://www.schiller.net/gallery2/main.php?g2_view=core.CombinedJavascript&g2_key=b9e45ea3d4899d464fddda2b6b2d3ce7': this content should also be loaded over HTTPS. main.php:1

Can be reproduced without logging in.

System details:
Gallery URL = http://www.schiller.net/gallery2/main.php
Gallery version = 2.3.2 core 1.3.0.2
API = Core 7.54, Module 3.9, Theme 2.6, Embed 1.5
PHP version = 5.3.10-1ubuntu3.11 apache2handler

Browser (e.g. Firefox 2.0): Chrome Version 33.0.1750.152

Thanks,

__Jason

AttachmentSize
java-insecure.png158.74 KB
 
jschiller

Joined: 2013-10-19
Posts: 5
Posted: Wed, 2014-04-09 13:20

looking at the forcing SSL thread http://galleryproject.org/node/30558 I found a bit about unsetting baseURI.

in config.php
$gallery->setConfig('baseUri', '');

that solved my issue.