http/https mixed content when editing users through user profile.

  • http/https mixed content when editing users through user profile.

    I noticed that when I edit users through their profile, which leads me to the admincp, HTTP content is being loaded over HTTPS, causing mixed content. Now the entire forum is using https, including its forum settings, so that's working nicely. But whenever I edit a user, I get a blank right side admincp page (while the menu on the left side remains intact).


    Apparently, when I check the source of the blank page:

    <frameset cols="195,*" framespacing="0" border="0" frameborder="0" frameborder="no" border="0">
    <frame src="index.php?do=nav" name="nav" scrolling="yes" frameborder="0" marginwidth="0" marginheight="0" border="no" />
    <frameset rows="20,*" framespacing="0" border="0" frameborder="0" frameborder="no" border="0">
    <frame src="index.php?do=head" name="head" scrolling="no" noresize="noresize" frameborder="0" marginwidth="10" marginheight="0" border="no" />
    <frame src="http://website/user.php?do=edit&amp;u=62209" name="main" scrolling="yes" frameborder="0" marginwidth="10" marginheight="10" border="no" />
    </frameset>
    </frameset>
    the frame attempts to load http.. any idea how to solve this? As it looks like the request does not obey the forum URL at all. I already have a http -> http set in the nginx config:

    server {
    listen 80;
    server_name website;
    return 301 https://$host$request_uri;
    }

  • #2
    Anyone?


    • #3
      Been over 10 days, seriously no one knows?...


      • #4
        A redirect is probably the quickest solution to handle the issue.

        Looking at the code, I can't actually see a place that builds an http link and am not sure what the circumstances are to build the link. It also shouldn't be trying to load a second frameset.
        Translations provided by Google.

        Wayne Luke
        The Rabid Badger - a vBulletin Cloud demonstration site.
        vBulletin 5 API - Full / Mobile
        Vote for your favorite feature requests and the bugs you want to see fixed.


        • #5
          Your frame source is HTTP.

          It's a frame.

          It's going to display exactly what you tell it regardless of your server https.


          • #6
            Originally posted by In Omnibus:
            Your frame source is HTTP. It's a frame. It's going to display exactly what you tell it regardless of your server https.

            The frame is built by the vBulletin AdminCP. Even in vBulletin 5.

            Wayne Luke

            • #7
              Originally posted by Wayne Luke:
              The frame is built by the vBulletin AdminCP. Even in vBulletin 5.

              Right, but isn't it an <iframe> in HTML 5 rather than a <frame> and a <frameset> ... those are HTML 4 tags.


              • #8
                Originally posted by In Omnibus:
                Your frame source is HTTP. It's a frame. It's going to display exactly what you tell it regardless of your server https.

                So it's not obeying vbulletin's url settings at all and requests http regardless?


                • #9
                  Originally posted by Skyrider:
                  So it's not obeying vbulletin's url settings at all and requests http regardless?

                  Seems to be a bug that wasn't resolved in the final version. Since the software is end of life, it won't be resolved.

                  Wayne Luke

                  • #10
                    Originally posted by In Omnibus:
                    Right, but isn't it an <iframe> in HTML 5 rather than a <frame> and a <frameset> ... those are HTML 4 tags.

                    Yes. vBulletin 4 doesn't use HTML 5. It uses XHTML 1.1 (which is based on HTML 4.2) because HTML 5 did not exist when vBulletin 4 was created.

                    Even in vBulletin 5, the AdminCP uses XHTML, not HTML 5.

                    Wayne Luke

                    • #11
                      I assume the admincp index frame has to do with this:

                      $navframe = "<frame src="index.php?"
                      $headframe = "<frame src="index.php?"
                      $mainframe = "<frame src=""
                      ^ For some reason the forums edits out the \.

                      But shame vB4 is dead, as I find this a flaw if you fully wish to use https.

                      Either way, I've solved the problem for the time being by adding:

                      add_header Content-Security-Policy upgrade-insecure-requests;
                      in my nginx server block to upgrade all insecure requests to https. Not the solution I wanted, but it'll work.
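
An added example, not part of the thread and not vBulletin code: a Python check that lists the http:// frame and subresource URLs in a page served over HTTPS and shows the URL a browser requests instead once upgrade-insecure-requests is set. The AdminCP page URL is an assumption; the sample markup is the frameset from the first post with presentational attributes trimmed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit, urlunsplit

# Elements whose URL attribute can trigger a subresource or nested-document load.
LOADERS = {"frame": "src", "iframe": "src", "script": "src", "img": "src",
           "link": "href", "embed": "src", "object": "data"}

class MixedContentFinder(HTMLParser):
    """Collect http:// loads referenced by a page that was served over https://."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []   # (tag, name attribute, resolved URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        value = attrs.get(LOADERS.get(tag, ""))
        if not value:
            return
        resolved = urljoin(self.page_url, value)   # relative URLs inherit https
        if urlsplit(resolved).scheme == "http":
            self.findings.append((tag, attrs.get("name"), resolved))

def find_mixed_content(page_url, html):
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.findings

def upgraded(url):
    """URL the browser requests instead when upgrade-insecure-requests is set."""
    parts = urlsplit(url)
    return urlunsplit(("https",) + tuple(parts[1:])) if parts.scheme == "http" else url

# Frameset from the first post; the page URL is an assumed AdminCP location.
PAGE_URL = "https://website/admincp/index.php"
SAMPLE = '''<frameset cols="195,*">
<frame src="index.php?do=nav" name="nav" />
<frameset rows="20,*">
<frame src="index.php?do=head" name="head" />
<frame src="http://website/user.php?do=edit&amp;u=62209" name="main" />
</frameset></frameset>'''

if __name__ == "__main__":
    for tag, name, url in find_mixed_content(PAGE_URL, SAMPLE):
        print(f"<{tag} name={name}> loads {url} -> {upgraded(url)}")
```

Only the absolute http:// frame is reported; the two relative frame URLs resolve against the HTTPS page and are not mixed content. A browser blocks an insecure frame on an HTTPS page before sending the request, so the port-80 redirect is never reached, whereas the CSP directive rewrites the URL before the fetch.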
