Server: Mixed content in reset password form http > https

Created on 24 Feb 2019  Â·  3Comments  Â·  Source: nextcloud/server

I believe this is a problem either with the reverse proxy failing to re-write some url or with my configuration,
but I can see why everything works ok, except the reset password form.

Steps to reproduce

  1. on the login page ask for forgot password
  2. click on the link in the email
  3. land on the reset password page

Expected behaviour

The password should be reset

Actual behaviour

Due to a problem in the url associated to the reset form (http instead of https) the password is not reset.
You can see the problem in the browser console

Server configuration

CoreOS / Docker image : nextcloud:lates 15.0.4

Updated from an older Nextcloud/ownCloud or fresh install: Fresh

this docker is behind a traefik reverse proxy

Client configuration

Browser: Chrome

Operating system: debian unstable
core.js?v=9827eae1-11:4 Mixed Content: The page at 'https://example.net/lostpassword/reset/form/xxxx/user' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://example.net/lostpassword/set/xxxxx/user'. This request has been blocked; the content must be served over HTTPS. 

​

0. Needs triage bug
Source
picture abate

Most helpful comment

sometimes you just need a kick to read the docs properly :
I've added overrrideprotocol=https to my conf and now everything works as it should

picture abate on 25 Feb 2019
👍2

All 3 comments

What does your config.php look like?

rullzer picture rullzer on 25 Feb 2019

there it is : 

<?php
$CONFIG = array (
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' => 
  array (
    0 => 
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 => 
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'instanceid' => 'occslrbveksr',
  'passwordsalt' => 'xxxxxxxxxxxx',
  'secret' => 'xxxxxxxxxxxxxxxx',
  'trusted_domains' => 
  array (
    0 => 'example.net',
  ),
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'mysql',
  'version' => '15.0.4.0',
  'overwrite.cli.url' => 'https://example.net',
  'dbname' => 'nextcloud',
  'dbhost' => 'mysql',
  'dbport' => '',
  'dbtableprefix' => '',
  'mysql.utf8mb4' => true,
  'dbuser' => 'oc_xxxxxxx',
  'dbpassword' => 'xxxxxxxxxxxx',
  'installed' => true,
  'onlyoffice' => 
  array (
    'DocumentServerUrl' => '',
    'DocumentServerInternalUrl' => '',
    'StorageUrl' => '',
  ),
  'maintenance' => false,
  'updater.release.channel' => 'stable',
);
abate picture abate on 25 Feb 2019

sometimes you just need a kick to read the docs properly :
I've added overrrideprotocol=https to my conf and now everything works as it should

abate picture abate on 25 Feb 2019
👍2
Was this page helpful?
0 / 5 - 0 ratings

Related issues

mfechner picture mfechner  Â·  3Comments
dl5rcw picture dl5rcw  Â·  3Comments
mama21mama picture mama21mama  Â·  3Comments
juliushaertl picture juliushaertl  Â·  3Comments
brylie picture brylie  Â·  3Comments