I am using the cloudflare flexible SSL so that the site will be served securely.
But for some instances I am experiencing some issues regarding Mixed Content of urls:
Mixed Content: The page at 'https://www.mywebsite.com.mt/contact/' was loaded over HTTPS, but requested an insecure script 'http://www.website.com.mt/bundles/validationscripts?v=dyojIg78p8rqcsTK59r6Hv7BZDgZsMbaeXULVch0n4M1'. This request has been blocked; the content must be served over HTTPS.
For example, the above example, is causing the optimus bundling from not working since it is being served as HTTP.
Also, for another project I was using bulk manager but cannot access it since it is being requested in HTTP.
Regarding the umbraoUseSSL, I have tried to set to true but it was causing a redirection loop since it is being checked as well through cloudflare.
Does anybody has any idea how to tackle this please?
Hi, that kind of problem is pretty common when using CloudFlare Flexible SSL.
That configuration is securing the connection between the client and their servers, but not from their servers to yours.
Activating the useSSL flag, the server redirects the client to https:// (remember it is receiving http://), but CF keeps passing it to the server as http:// so it enters a loop :)
Now, there are 2 ways out I found in the years:
activate Full SSL con CloudFlare and ensure your server is
serving HTTPS content (even if with "invalid" certificate, CF will
pass on that)
create a "custom SSL check" on your server that
reads the special header CF is passing with the request,
"X-Forwarded-Proto: https", instead of reading the standard headers
If possible, I would go with 1) since it lets you keep everything as "standard" as possible :)
Cloudflare SSL and Umbraco
Hi Guys,
I am using the cloudflare flexible SSL so that the site will be served securely.
But for some instances I am experiencing some issues regarding Mixed Content of urls:
For example, the above example, is causing the optimus bundling from not working since it is being served as HTTP.
Also, for another project I was using bulk manager but cannot access it since it is being requested in HTTP.
Regarding the umbraoUseSSL, I have tried to set to true but it was causing a redirection loop since it is being checked as well through cloudflare.
Does anybody has any idea how to tackle this please?
Kind Regards
Did you find any solution to this issue? =D Running the backoffice over a non secure domain? =D
I'm having exactly the same issue! please, can anyone help?
Did anyone find a solution for this.
I am having the same problem. A load of script issues when logging in as https://
Something to add.
I have never had problems logging into the backoffice with https:// and I believe with websites on this same code base.
I can confirm on this problem website I am also using Cloudflare. Maybe this is related.
Please see my attached script issues.
Thanks in advanced
David Armitage
Twitter: https://twitter.com/DavidA_Armitage
Hi,
I found this link. Look like you could add some rewrite script in the web config but it didn't working for me.
http://jasonwatmore.com/post/2014/09/25/aspnet-fix-for-https-ssl-insecure-mixed-content-warning
The site didn't load when I added the script.
Did anyone find a solution to this?
Hi, that kind of problem is pretty common when using CloudFlare Flexible SSL. That configuration is securing the connection between the client and their servers, but not from their servers to yours.
That means that when the user types https://www.yoursite.com, your server receives the HTTP clean request on http://www.yoursite.com.
Activating the useSSL flag, the server redirects the client to https:// (remember it is receiving http://), but CF keeps passing it to the server as http:// so it enters a loop :)
Now, there are 2 ways out I found in the years:
If possible, I would go with 1) since it lets you keep everything as "standard" as possible :)
is working on a reply...