Mixed Content. This request has been blocked; the content must be served over HTTPS.

Problem 

After accepting a self-signed certificate, the browser complains that scripts are being served in mixed mode:

Mixed Content: The page at 'https://<host>/browser' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://<host>/home'. This request has been blocked; the content must be served over HTTPS.

Cause

This error might occur when you use Apache mod_proxy at your environment and external connection is secured, but internal one is not.

In this case the embedded Jetty webservice doesn't recognize that all external connections should be served in secured mode (over HTTPS) and keeps responding over HTTP.

Environment schema

User > HTTPS > Apache mod_proxy > HTTP > Datameers Jetty

Solution

In order to fix the issue, adjust Apache, Jetty, and Datameer settings.

  1. Apache

    Add the following line to the Apache config for the Datameer VirtualHost section:
    RequestHeader set X-Forwarded-Proto "https" env=HTTPS
  2. Jetty

    In <datameer-install-path>/etc/jetty.xml uncomment the following:
    <Call name="addCustomizer">
    <Arg><New class="org.eclipse.jetty.server.ForwardedRequestCustomizer"/></Arg>
    </Call>
  3. Datameer

    Make sure that the correct hostname and protocol is set in <datameer-install-path>/etc/live.properties for system.property.server.address:
    # Define the address and port used to connect to DATAMEER.
    system.property.server.address=<host>:<port>

Restart Datameer and Apache to apply changes.