How to solve HTTPS response 498 when googlebot comes along? - apache

I have an AJAX site leuker.nl and when googlebot comes along the site is started and it will retrieve an XML file from my backend server that contains site text.
The HTTP GET request used to retrieve the file returns an HTTP error 498.
Looking on LINK it explains that it concerns an invalid/expired token (esri) returned by "ArcGIS for Server".
I don't understand this error, I don't even use ArcGIS and never heard of it before.
Any idea how to solve this?
In the backend I use Apache Httpd 2.4 in combination with Tomcat 8.0. Apache proxies requests to Tomcat through an AJP connector. The XML file requested is directly returned by Apache.

Related

frontend cloud run app cannot access my backend cloud run app due to a MixedContent problem

I have two cloud services up and running.
frontend (URL: https://frontend-abc-ez.a.run.app/)
backend (URL: http://backend-abc-ez.a.run.app/)
Frontend is calling the backend through a nuxt.js server middleware proxy to dodge the CORS problematics.
The call is coming through - I can see that in the backend log files. However the response is not really coming back through because of CORS. I see this error in the console:
Mixed Content: The page at 'https://frontend-abc-ez.a.run.app/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://backend-abc-ez.a.run.app/login'. This request has been blocked; the content must be served over HTTPS.
What I find weird is that I configured the backend url with https but it is enforced as http - at least that is what the error is telling me. Also I see a /login path segment in the unsecure URL. Why is that? I never explicitly defined that endpoint. Is it the security layer proxy of the run service itself?
Anyway - I need to get through this properly and am having a hard time to understand the source of the problem.
For some reason as I rechecked the applications today in the morning everything went fine. I have really no idea why it is working now. I did not change a thing - I waited for the answers here before I'd continue.
Very weird. But the solution so far seems to be waiting. Maybe Cloud Run had some troubles.

Call APIs over Http from Webpage served over Https

We have a Java/Jetty server. The servlets on this server are called by some of our internal applications over http.
I have been asked to create a webapp /website which will use many of these servlets / api.
However this is an external customer facing website and needs to be served over https / ssl. The servlet urls look like
http://internalServer:9999?parameters.
Now my webapp is ready and has been deployed on Apache on Debian. Everything works fine but as soon as I enable
https/ssl the backend calls do not go through. On Chrome I get "Mixed content. Page was loaded on https but is requesting resource over http...". On Safari I get -could not load resource due to access control checks.
I understand the reasons for these errors but I would like to know ways to solve this.
I have full control over apache server and website code.
I have very limited control over internal jetty server and no control over servlet code (don't want to mess with existing apps).
Is there something I can do just with apache configuration? Can I use it as a reverse proxy for the Jetty(http) server?
Thanks for your help.
"Mixed content. Page was loaded on https but is requesting resource over http..."
That error message means your HTML has resources that are being requested over http://... specifically.
You'll need to fix your HTML (and any references in javascript and css) that request resources (or reference resources) to also use https://....
If you try to call an http service from an https site you will have Mixed content error.
You can avoid that error using apache2 proxy settings inside your example.org.conf
You can find it inside the folder /apache2/sites-enabled
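Add some code:
<VirtualHost *:443>
...
# Forward /service1 to the internal HTTP backend; the browser only ever talks HTTPS to Apache
ProxyPass /service1 http://internalServer:9999
# Rewrite Location headers in backend redirects so they point back at the proxy
ProxyPassReverse /service1 http://internalServer:9999
</VirtualHost>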
From your https site you have to fetch the url
https://example.org/service1
to reach the service.
In that way you can call your HTTP services from an HTTPS site.

How to ensure my website loads all resources via https?

URL in question: https://newyorkliquorgiftshop.com/admin/
When you open the above page, you can see in the console that there are lots of error messages saying "...was loaded over HTTPS, but requested an insecure stylesheet.."
This website was working well until all of a sudden this problem showed up. I am not very familiar with HTTPS, but I have contacted GoDaddy and the SSL certificate is valid, and there is no obvious problem with "https://newyorkliquorgiftshop.com". And I am stuck here. I have some experience with HTTPS websites from before: if the URL of the website's homepage is "https", then every resource it loads is via "https" too. I don't know why my website behaves differently and I don't know where to start to solve the problem. Any hint is appreciated, especially articles about HTTPS that are related to my problem. (I have done brief research regarding HTTPS but most of the articles I found are about the basic concepts.)
If you have access to the code (not sure what you built the website using), try using https instead of http for the URLs you use to load your style sheets and script files.
For example one of the errors is
Mixed Content: The page at 'https://newyorkliquorgiftshop.com/admin/' was loaded over HTTPS, but requested an insecure script 'http://www.newyorkliquorgiftshop.com/admin/view/javascript/common.js'. This request has been blocked; the content must be served over HTTPS.
You are requesting the .js file using HTTP, try using HTTPS like so:
https://www.newyorkliquorgiftshop.com/admin/view/javascript/common.js
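An added example, not part of the original answer: a small Python scanner that lists the subresource references in a page that resolve to http:// and so trigger the mixed-content errors quoted above, including relative URLs made insecure by an http:// <base> tag. The sample HTML and the .example hostnames are constructed, and the tag/attribute table is this example's own selection, not a complete list of what browsers check.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that makes the browser fetch a subresource.
# <a href> is navigation, not a subresource, so it is deliberately absent.
FETCH_ATTR = {"script": "src", "img": "src", "iframe": "src", "audio": "src",
              "video": "src", "source": "src", "embed": "src", "object": "data"}
LINK_RELS = {"stylesheet", "icon", "preload", "modulepreload", "manifest"}

class MixedContentScanner(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.base = page_url      # relative URLs resolve against this
        self.findings = []        # (line, tag, attribute, resolved URL)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "base" and a.get("href"):
            # An http:// <base> silently turns every relative URL insecure.
            self.base = urljoin(self.base, a["href"])
        elif tag == "link":
            if set(a.get("rel", "").lower().split()) & LINK_RELS:
                self._check(tag, "href", a.get("href", ""))
        elif tag in FETCH_ATTR:
            self._check(tag, FETCH_ATTR[tag], a.get(FETCH_ATTR[tag], ""))

    def _check(self, tag, attr, value):
        url = urljoin(self.base, value.strip())
        if value.strip() and urlsplit(url).scheme == "http":
            self.findings.append((self.getpos()[0], tag, attr, url))

def find_mixed_content(html, page_url):
    if urlsplit(page_url).scheme != "https":
        return []                 # mixed content only exists on HTTPS pages
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page, modelled on the console error quoted above.
SAMPLE_PAGE = """<html>
<link rel="stylesheet" href="http://www.shop.example/admin/view/stylesheet/main.css">
<script src="http://www.shop.example/admin/view/javascript/common.js"></script>
<script src="//cdn.example/lib.js"></script>
<a href="http://www.shop.example/">home</a>
</html>"""
```

Calling find_mixed_content(SAMPLE_PAGE, "https://shop.example/admin/") reports the stylesheet and the first script; the protocol-relative script and the plain link are not flagged.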

peer.js is not working http but not on https?

When I used this http://cdnjs.cloudflare.com/ajax/libs/peerjs/0.3.14/peer.js
it was giving the following error
was loaded over HTTPS, but requested an insecure script
'http://cdnjs.cloudflare.com/ajax/libs/peerjs/0.3.14/peer.js'. This
request has been blocked; the content must be served over HTTPS.
after adding
https://cdnjs.cloudflare.com/ajax/libs/peerjs/0.3.14/peer.js
it started giving
was loaded over HTTPS, but requested an insecure XMLHttpRequest
endpoint '0.peerjs.com:9000/c03lztxhq78vkj4i/…;. This request has been
blocked; the content must be served over HTTPS.
This is due to mixed-content blocking - try loading the secure version e.g.
https://cdnjs.cloudflare.com/ajax/libs/peerjs/0.3.14/peer.js
Check the compatibility support of peerjs: http://peerjs.com/status/old
Might be late but anyways this might help some ...
In case of Peer Js :
If you’re planning to deploy to a remote server, it has to be via HTTPS. This is because browsers only allow access to devices if the connection is secure.
This article might help ( Read under the title: Deploying to remote server ).
If curious, also consider having a look at web fundamentals. ( Read under the title : An XMLHttpRequest example ).
Extra stuff : You can also read this documentation to prevent mixed content.

Redirect Status Code 302 between Tomcat and IIS 7.0 is not properly handled by the isapi redirector

We recently installed a web application under Tomcat 6 which is connected over the isapi redirector interface (see http://tomcat.apache.org/connectors-doc/webserver_howto/iis.html) to an IIS 7 server. The connector works properly in every case, except for some pages in the web application that return a status 302, with a new location to redirect for.
The browser gets the 302 back and requests the new location, but the IIS web server does not forward the request to the Tomcat server and returns a 404 error instead, even though the uri worker map looks correct to me.
The corresponding uri worker rule is:
/WebClientServlet/*=worker1
and the location url of the new location looks like the following:
http://localhost/WebClientServlet/SBS/cmd:editContent2/workflow:false/articleSearch:false/confirmed:false/objectID:131294/---/fpse/db:test/objectID:131294/Copy+of+0001-Intranet+Home-main-ip+%28DE%29
I could solve the problem. The HTTP status code was actually a 404.11, which means (under IIS 7) that double escaped sequences are not allowed. There is a new feature introduced in IIS 7 called double escaped URL filtering. It is a default security filter, which refuses to load any URL that contains double escaped sequences. In order to solve the problem, switch the feature off for the web site which is used to access the Tomcat application over isapi-redirector. See more under http://www.iis.net/ConfigReference/system.webServer/security/requestFiltering.
Ditch the ISAPI redirector. Up until today it is what I have been using. Check out the Application Request Routing for IIS7. Here is a walk through on how to set it up. If you want to use host headers look here.