[horde] Request CSS Content over HTTPS (Horde 6)
Brent
impuser at bitrealm.com
Sat Jun 24 16:53:06 UTC 2023
Quoting Ronny Forberger <ronnyforberger at ronnyforberger.de>:
> Hi Brent,
> Thanks, but I have copied conf.php.dist to conf.php for a basic
> installation now, but still the same problem. CSS is loaded over http.
>
> Any other ideas? How are URLs generated ? Is there any specific
> conf.php setting?
>
> Best regards,
>
> Ronny
>
>
> Ronny Forberger
> E: ronnyforberger at ronnyforberger.de
> W: http://www.ronnyforberger.de
>
>
>> Am 24.06.2023 um 14:18 schrieb Brent <impuser at bitrealm.com>:
>>
>> Quoting Ronny Forberger <ronnyforberger at ronnyforberger.de>:
>>
>>> Hi,
>>>
>>> I am trying out Horde 6 (in development), but I cannot get the CSS
>>> content loaded over HTTPS.
>>>
>>> In Chrome console, i.e., I get the error message:
>>>
>>> login.php:4 Mixed Content: The page at
>>> 'https://HOST/horde/login.php[1]' was loaded over HTTPS, but
>>> requested an insecure stylesheet
>>> 'http://HOST/themes/horde//default/screen.css[2]<https://host/horde/login.php'%20was%20loaded%20over%20HTTPS,%20but%20requested%20an%20insecure%20stylesheet%20'http://HOST/themes/horde//default/screen.css>'. This request has been blocked; the content must be served over
>>> HTTPS.
>>> login.php:4 Mixed Content: The page at
>>> 'https://HOST/horde/login.php[1]' was loaded over HTTPS, but
>>> requested an insecure stylesheet
>>> 'http://HOST/themes/horde//default/webkit.css[3]<https://host/horde/login.php'%20was%20loaded%20over%20HTTPS,%20but%20requested%20an%20insecure%20stylesheet%20'http://HOST/themes/horde//default/webkit.css>'. This request has been blocked; the content must be served over
>>> HTTPS.
>>>
>>> I am rewriting everything (path /) in Apache2 to https, but this
>>> seems not to have effect.
>>>
>>> The site is HSTS enabled.
>>>
>>> How can I tell Horde to serve CSS content over HTTPS?
>>>
>>> Thanks.
>>>
>>> Best regards,
>>>
>>> Ronny
>>>
>>> Ronny Forberger
>>> E: ronnyforberger at ronnyforberger.de
>>> W: http://www.ronnyforberger.de
>>>
>>
>> The biggest problem I've seen when URLs aren't being written
>> correctly is due to haveing an incorrect conf.php. Be sure that you
>> are copying the .dist to .conf:
>>
>> # cd /var/www/horde/web/horde/config (install directory being
>> /var/www/horde, in this case)
>> # cp conf.php-dist conf.php
>>
>> I've seen people do:
>>
>> # cp horde.local.php conf.php (this is wrong)
>>
>> brent
>>
You say you are re-writing http to https...I don't quite follow. Using
apache to do that or another front-end? If "horde" sees the URI as
https, then it'll write the URLs as https. If you're doing some sort
of mangling to the client (web browser) but horde is seeting http as
the URI, then you can have this problem.
I have a redirect on http to go to https...the
http://somesite.test.com has a redirect on it to
https://somesite.test.com. I CAN'T do
"http://somesite.test.com/horde/login.php" as that URL doesn't exist
on my http virtual root. I just serve a default index.html on my http
site that does the redirect. There are more elegant ways, but this
works for me and horde will never see a non-https request.
http.conf:
<VirtualHost *:80>
DocumentRoot /var/www/html/redirect
ServerName somesite.test.com
</VirtualHost>
index.html (only file in /var/www/html/redirect)
<HTML>
<HEAD>
<!-- Send users to the new location. -->
<TITLE>redirect</TITLE>
<META HTTP-EQUIV="refresh"
CONTENT="0;URL=https://somesite.test.com">
</HEAD>
</HTML>
brent
Links:
------
[1] https://host/horde/login.php
[2] http://host/themes/horde//default/screen.css
[3] http://host/themes/horde//default/webkit.css
More information about the horde
mailing list