Fix Mixed Content browser warning

This applies to Chat for JSM Server / Data Center. Cloud versions do not have this problem, as Atlassian has the network properly configured.

Use case

Whenever you receive a mixed content browser warning, you will likely need to adjust the load balancer or reverse proxy that sits in front of Jira so that traffic is forwarded with the original URL, preserving the HTTPS part.

The problem

It can happen that, right after configuring chat, you notice it is not working, and the browser console shows the following error:

Mixed Content: The page at 'https://your-website.com' was loaded over HTTPS, but chat.js:51 requested an insecure XMLHttpRequest endpoint 'http://jira.yourcompany.com/rest/com-spartez-support-chat/1.0/'. This request has been blocked; the content must be served over HTTPS.

This happens because, at some point on the path between the browser and Tomcat (Jira’s application server), the connection is allowed to run unencrypted, and Chat for JSM tries to use that instead of the encrypted path.

Solution

Make sure that the connection is fully encrypted. If SSL is terminated at the reverse proxy, have ProxyPreserveHost enabled.

Apache mod_proxy example:

    <VirtualHost *:80>
        ServerName <subdomain>.<domain>.com
        ProxyRequests Off
        ProxyPreserveHost On
        ProxyVia Off
        <Proxy *>
            Require all granted
        </Proxy>
        ProxyPass /<contextpath> http://<internal_domain>:<port>/<contextpath>
        ProxyPassReverse /<contextpath> http://<internal_domain>:<port>/<contextpath>
    </VirtualHost>

Nginx example:

    server {
        listen 80;
        server_name .dokku.abc.domain.com;
        location / {
            proxy_pass http://ip-aaa-bbb-ccc-ddd.us-west-1.compute.internal:80;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

    server {
        listen 80;
        server_name foo.abc.domain.com;
        rewrite ^(.*) http://foo.dokku.abc.domain.com;
    }

    server {
        listen 80;
        server_name bar.abc.domain.com;
        rewrite ^(.*) http://bar.dokku.abc.domain.com;
    }
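A TLS-terminating variant of the Nginx setup above, as an added example that is not part of the original article: port 80 only redirects to HTTPS, and the 443 server block forwards the original host and scheme to Jira. The hostname is taken from the error message; the certificate paths and the upstream address `127.0.0.1:8080` are assumptions to replace with your own values.

```nginx
# Added example, not from the original article.
# Certificate paths and the upstream address are assumed placeholders.

# Plain HTTP never serves content; it only redirects to the HTTPS URL,
# so no page or XHR endpoint is reachable over http://.
server {
    listen 80;
    server_name jira.yourcompany.com;
    return 301 https://$host$request_uri;
}

# TLS is terminated here. The hop from nginx to Tomcat is plain HTTP,
# so it should stay on a trusted internal interface.
server {
    listen 443 ssl;
    server_name jira.yourcompany.com;

    ssl_certificate     /etc/nginx/tls/jira.yourcompany.com.crt;  # assumed path
    ssl_certificate_key /etc/nginx/tls/jira.yourcompany.com.key;  # assumed path

    location / {
        # Assumed upstream: Jira's Tomcat listening locally on port 8080.
        proxy_pass http://127.0.0.1:8080;

        # Preserve the Host the browser asked for
        # (the nginx counterpart of Apache's "ProxyPreserveHost On").
        proxy_set_header Host $host;

        # Pass the client address and the original scheme to the backend.
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Assumption: Tomcat is configured to treat requests arriving through
    # this proxy as HTTPS (connector attributes scheme="https",
    # secure="true", proxyName and proxyPort matching the public URL).
    # Without that, Jira can still build http:// links for chat.js.
}
```

After reloading the proxy, the browser console should no longer show requests to `http://jira.yourcompany.com/...` from the chat script.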

You should always double-check the proper configuration with your network administrators, as you may be using a different configuration.