Im running a Web App over https with a valid ssl cert.
The Web App has a WebMapViewer that loads fine over http but when using https it gets blocked by the browser (Safari) with the following message:
[Warning] [blocked] The page at https://xxx.com/?y=z was not allowed to run insecure content from http://maps.googleapis.com/maps/api/js?key=xyz. (framework.js, line 3268)
Any ideas how I can make the WebMapViewer load https://maps.googleapis.com/maps/api/js?key=xyz instead of http://maps.googleapis.com/maps/api/js?key=xyz
Kind Regards,
Erik
What version of Xojo are you using? I’m pretty sure this was fixed somewhere already no the way.
Thanks for the reply Greg, Im running the latest version of Xojo.
And now that I think of the actual setup I realise what the problem is, it is not Xojos fault.
Im actually running the web app on port 80 over http, but it runs behind an NGINX reverse https proxy on port 443.
NGINX serves https on port 443, but requests the backend web app over http on port 80.
This is why the web app uses http://maps.googleapis.com instead of https://maps.googleapis.com
Maybe I can configure NGINX to rewrite http://maps.googleapis.com with https://maps.googleapis.com or something…
Has anyone else run in to this and found a solution?
make sure the reverse proxy injects Headers like X-Forwarded-Proto, X-Forwarded-For or X-Real-IP. Xojo should be able to understand these since 2016r2.1 see <https://xojo.com/issue/23891>
As Tobias said if the Xojo app does not know its running behind an SSL proxy then it will use http:// by default when calling Google Maps. Adding the extra headers should be enough for it know its running behind https:// and update the HTML sent back to the browser accordingly.
Thanks Tobias and Phillip!
I had missed adding X-Forwarded-Proto in the config, it´s hard to keep track of all the config options.
With X-Forwarded-Proto it now works great.