Resolution: Not a Bug
Affects Version/s: 8.0.0 GA
Fix Version/s: None
I've just set up Pentaho 8.0 server using SSL on a load balancer.
Pentaho runs on standard 8080 and the LB handles the SSL. server.properties has been updated with the correct https url.
However, I've found that Chrome (and presumably other apps) blocks the login page because of a mixed content message:
The page xx/pentaho/Login was loaded over HTTPS but requested an insecure XMLHttpRequest endpoint 'http://xx/pentaho/index.jsp'. This request has been blocked. The content must be served over HTTPS
All fair enough. So, why hasn't Pentaho done this?
If you change the URL back to https, it does actually log in, and works fine.
I found a few similar comments on the forums.
I guess one workaround could be some sort of rewrite on the load balancer? But before I look at that, I just wanted to reach out and see if anyone else has seen this.
I did notice in the code there are references to two different procedures, one called:
and one called
I wonder if one of those is broken?
Raising this as a Jira on direction from Luc Boudreau. If this really is a bug, it would be nice to see it fixed in 8.2.
Login:1 Mixed Content: The page at 'https://something.com/pentaho/Login' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://something.com/pentaho/index.jsp'. This request has been blocked; the content must be served over HTTPS.