Insecure content

Bug and problem reporting on Cyclos 4 version

Moderators: hugo, alexandre, rmvanarkel

Post Reply
maxwedwards
Posts: 7
Joined: Thu Mar 07, 2019 11:58 am

Insecure content

Post by maxwedwards » Thu Mar 07, 2019 12:03 pm

Our cyclos instance is loading the fav icon and main system logo using http rather than https which is giving an insecure content warning in Chrome.

I've checked the configuration and the main web address for the site is set to https://ourdomain.com.

Is this a bug? I would have expected the images to be loaded using relative paths.

alexandre
Posts: 837
Joined: Wed Sep 06, 2006 9:06 am

Re: Insecure content

Post by alexandre » Thu Mar 07, 2019 12:27 pm

Hi,

Check the url used to load the images at the header.
Menu content -> static content
Alexandre Caurrinhos
Cyclos development team.

maxwedwards
Posts: 7
Joined: Thu Mar 07, 2019 11:58 am

Re: Insecure content

Post by maxwedwards » Thu Mar 07, 2019 12:36 pm

The url on the header in static content is set to https. Can't see an option for favicon in there.

maxwedwards
Posts: 7
Joined: Thu Mar 07, 2019 11:58 am

Re: Insecure content

Post by maxwedwards » Thu Mar 07, 2019 1:11 pm

I edited the static content and then edited it back and I've fixed the main logo loading via http.

Need an equivalent for the fav icon. Any ideas? I've tried saving the fav icon image again.

maxwedwards
Posts: 7
Joined: Thu Mar 07, 2019 11:58 am

Re: Insecure content

Post by maxwedwards » Thu Mar 07, 2019 1:16 pm

I don't mind editing the icon path in the database if its there.

maxwedwards
Posts: 7
Joined: Thu Mar 07, 2019 11:58 am

Re: Insecure content

Post by maxwedwards » Thu Mar 07, 2019 2:16 pm

I have searched the entire database for the string "http://ourdomain" and there are no instances of it. There are only instances of "https://ourdomain" the configurations table and static_contents table.

I have destroyed the cyclos container and spun up a new one so it can't have any cached templates in memory. I have tried using incognito browser so I know it's not a local cache problem.

This is looking to me like a bug in Cyclos although very open to there being something I haven't spotted.

Do you have an installation behind https and is your fav icon correctly loaded?

alexandre
Posts: 837
Joined: Wed Sep 06, 2006 9:06 am

Re: Insecure content

Post by alexandre » Thu Mar 07, 2019 2:56 pm

HI,

You are using some kind of proxy at your installation?
If yes you need to set the correct variable at cyclos.properties
Alexandre Caurrinhos
Cyclos development team.

alexandre
Posts: 837
Joined: Wed Sep 06, 2006 9:06 am

Re: Insecure content

Post by alexandre » Thu Mar 07, 2019 3:18 pm

Check your proxy or loadbalance, and set the correct variable at cyclos.properties.
There is several content about it on the forum:

viewtopic.php?f=9&t=3320&p=10645&hilit= ... 93a#p10645
viewtopic.php?f=13&t=3488&p=11040&hilit ... b37#p11040
Alexandre Caurrinhos
Cyclos development team.

maxwedwards
Posts: 7
Joined: Thu Mar 07, 2019 11:58 am

Re: Insecure content

Post by maxwedwards » Fri Mar 08, 2019 6:55 am

Yes, I'm behind loadbalancer in k8s cluster. Perfect, that's sorted it. RTFM!

I looked for cyclos.header.protocol as mentioned in another post in https://documentation.cyclos.org/4.6/cy ... 01s03.html and couldn't find it so I set it to "https" and all is working. Not sure if that setting is required or if that's for when tomcat is connected directly to the internet.

Thanks Alexandre

maxwedwards
Posts: 7
Joined: Thu Mar 07, 2019 11:58 am

Re: Insecure content

Post by maxwedwards » Fri Mar 08, 2019 6:59 am

Tried it without cyclos.header.protocol set and still works so I don't think that's required when behind a load balancer.

Post Reply