Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
ssl mixed content error intraweb 15.1.5
#1
I have a program that runs properly under delphi 10.3 using intraweb 15.0.17 as isapi dll
same program built using delphi 10.3.2 using intraweb 10.1.5 has following error

Mixed Content: The page at 'https://cdpservices.company.com/webppreviewer_DEV/' was loaded over HTTPS, but requested an insecure resource 'http://10.10.250.38/webPPReviewer_DEV/ppwebreviewer.dll/q19he8KSL-L7KEbcSSt18o6hYSq/'. This request has been blocked; the content must be served over HTTPS.

The iis server it runs on does not have ip address 10.10.250.38. I cannot find any machine that has this ip address

The first page of my app comes up, but when I attempt to go to the 2nd page is when I get the error.
I am assuming that the http://10.10.250.38  should be 'https://cdpservices.company.com' but cannot find any place to set the value.


Thank you for any help.
Reply
#2
Are you using any 3rd party IW library or even JavaScript code?

IntraWeb itself has nothing like that and doesn't reference any external source code anywhere.

Something must be injecting this code into your page. Can you see any trace of this in the rendered HTML? Please check your page source code for it, and alternatively also in individual responses (using Development Tools - F12, from your browser).

BTW, you mention IntraWeb 10.1.5 on Delphi 10.3 which doesn't make any sense to me. IW 10 is a very old version not available for Delphi 10.3.
Reply
#3
(10-31-2019, 06:40 PM)Alexandre Machado Wrote: Are you using any 3rd party IW library or even JavaScript code?

IntraWeb itself has nothing like that and doesn't reference any external source code anywhere.

Something must be injecting this code into your page. Can you see any trace of this in the rendered HTML? Please check your page source code for it, and alternatively also in individual responses (using Development Tools - F12, from your browser).

BTW, you mention IntraWeb 10.1.5 on Delphi 10.3 which doesn't make any sense to me. IW 10 is a very old version not available for Delphi 10.3.
Sorry intraweb 15.1.5.
Yes, using TMS, I have searched everywhere and cannot find any reference to 10.10.250.38. I was hoping that there was a quick fix for this, but I guess I have to search further.
Reply
#4
(10-31-2019, 07:00 PM)PDSBILL Wrote:
(10-31-2019, 06:40 PM)Alexandre Machado Wrote: Are you using any 3rd party IW library or even JavaScript code?

IntraWeb itself has nothing like that and doesn't reference any external source code anywhere.

Something must be injecting this code into your page. Can you see any trace of this in the rendered HTML? Please check your page source code for it, and alternatively also in individual responses (using Development Tools - F12, from your browser).

BTW, you mention IntraWeb 10.1.5 on Delphi 10.3 which doesn't make any sense to me. IW 10 is a very old version not available for Delphi 10.3.
Sorry intraweb 15.1.5.
Yes, using TMS, I have searched everywhere and cannot find any reference to 10.10.250.38. I was hoping that there was a quick fix for this, but I guess I have to search further.


I build a simple 2 form app as isap with an iwbutton on each form to go to the other form. No other components.
I still fails with same error.
http://10.10.250.38/webppreviewer_DEV/pr...stssl.dll/

fails both http: and https:

should I un-install intraweb and re-install it again?
Reply
#5
Its likely something interfering externally. Reinstalling IW won't help as its not IW issuing this.

Can you use the Guess demo and try to deploy it to see what happens? Try both SA and ISAPI and see if any differences.
Reply
#6
Also if you deploy your apps locally on your own dev machine, what is the result?
Reply
#7
(11-01-2019, 07:12 PM)kudzu Wrote: Also if you deploy your apps locally on your own dev machine, what is the result?
OK, this is just getting stranger and stranger.

Using Delphi 10.3.2  IW 15.5.1
The test program fails at my customer site when accessed outside their network (SSL and non SSL). But works inside there network.
The test program works at another customer site when accessed both inside and outside their network. SSL and non SSL
The test program works at our office site when accessed both inside and outside our network. SSL and non SSL

when run, the first form is shown with single button.
When AsyncClick event of button is executed  the 2nd form is to be shown (TFrm2.Create(WebApplication).SHOW);
The program freeezes, does not show the next form and we get the browser error in debugger
 requested an insecure resource 'http://10.10.250.38/webPPReviewer_DEV/projectestssl.dll/q19he8KSL-L7KEbcSSt18o6hYSq/'. This request has been blocked; the content must be served over HTTPS.

Using Delphi 10.3.0  IW 15.0.17
The test program works at both customer sites when accessed both inside and outside their network.

It appears that something is redirecting the baseurl to 10.10.250.38. I am would blame this on my customers firewall, but why does it work under 15.0.17 but not under 15.1.5.
Both customers are running same IIS server version 8.5.9600 on windows server 2012 R2
Both a running with dedicated App pools for the test app.

Any idea's ????

Bill B

Reply
#8
The intraweb design package says "IntraWeb 15.0 Design Package for RAD Studio 10.2 Tokyo" 
The version on server controller say 15.1.5.
Is this correct?
Should both Bootstrap 3 and 4 be installed and active?
Reply
#9
OK, got more information on this issue from customers IT dept. Is there a change i can make to resolve this?

So here’s what’s happening.  The site is making an ajax request that returns XML which has javascript commands that are being executed.  The one being returned is redirecting to a URL, but in that URL is the translation IP address.  I’m not sure if it’s possible with the program to tell it to use absolute URLs to the route (i.e. /webppreviewer_DEV/projecttestssl.dll/) without the domain or IP, or if there is a way around this.
 
The Url rewrite module on the reverse proxy is supposed to make this change, but it’s set to do it on outgoing html traffic.  I changed it to also look for outgoing XML and to add the <literal> tag, but it’s still not catching it, probably because it’s in a CDATA section.
[Image: 0?ui=2&ik=e38e4c2a0d&attid=0.1&permmsgid...8&disp=emb]
<response>
<execute>
<literal>
<![CDATA[
window.location.replace("http://10.10.250.38/webppreviewer_DEV/projecttestssl.dll/");
]]>
</literal>
</execute>
<trackid>11</trackid>
</response>
Reply
#10
IntraWeb will only do that if it detects that you are redirecting to an absolute address, not a relative address.

As I mentioned before, I don't know what URL Rewrite is doing and what it is putting in the request headers, but I bet it is not correct. Without knowing exactly what URL rewrite is doing it is very hard to fix this (it will be a sequence of try and error attempts).

Can you describe exactly what URL Rewrite is doing? IntraWeb doesn't need to have its responses rewritten (they will use relative paths all the time). A proxy should only forward the requests to the correct server, nothing else.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)