Fixing Mixed-Content Warnings when using SSL Offloading

Overview

This article provides information on how to resolve mixed-content warnings with pages and popups seen in the browser developer tools when using SSL offloading.

Prerequisites

 

Diagnosis

The warnings described above are possibly caused by a secured page (HTTPS), which contains unsecured links (HTTP) to some resources (images, scripts, etc.).

You can check for mixed content warnings in your browser by:

  1. In your browser, press F12.
  2. View the console.

Errors you should see in the console are:

  • Internet Explorer
    Only secure content is displayed.
  • Firefox
    Firefox has blocked content that isn't secure.
  • Chrome
    Mixed Content: The page at "" was loaded over HTTPS, but requested an insecure frame. This request has been blocked; the content must be served over HTTPS.

Mixed for popups will produce errors such as:

  • Mixed Content: The page at 'https://www.site.com' was loaded over HTTPS, but requested an insecure frame 'http://www.site.com/ctl/edit/mid/540?popUp=true'. This request has been blocked; the content must be served over HTTPS.

    It is failing with a popUp=true query string which is an indicator that the frame is a DNN modal popup.

Solution

  1. Configure the SSL Offload Header Value as required by your load balancers.

    Examples:
  2. Enable SSL for your site and pages.
  3. If you see mixed-content errors whenever a pop-up modal is shown on the screen, you need to disable the pop-ups that are requesting HTTP. To do so, navigate to Settings > SQL Console and run the following query:

    UPDATE portalsettings 
    SET    settingvalue = 'False' 
    WHERE  settingname = 'EnablePopups'

 

Testing

To test that the mixed content warnings are gone:

  1. Access the site, edit a page and access a module's settings.
  2. In your browser, press F12.
  3. View the console.

You should cease to receive any mixed-content warnings.

Comments

0 comments

Please sign in to leave a comment.