I'm serving doccano internally via https
. When I used to serve it via http
everything worked fine but when I switched to https
and I try to annotate new pages of data I get this error in the console.
It seems xhr requests are always being made via http so the content is blocked by default.
Can you please ensure the code can work with both protocols?
document_classification.js:1 Mixed Content: The page at 'https://doccano.example.com/projects/4/#' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://doccano.example.com/v1/projects/4/docs?doc_annotations__isnull=&limit=5&offset=5&q='. This request has been blocked; the content must be served over HTTPS.
(anonymous) @ document_classification.js:1
e.exports @ document_classification.js:1
e.exports @ document_classification.js:1
Promise.then (async)
s.request @ document_classification.js:1
s.<computed> @ document_classification.js:1
(anonymous) @ document_classification.js:1
search @ document_classification.js:8
nextPage @ document_classification.js:8
t @ document_classification.js:14
Pr.t._withTask.o._withTask @ document_classification.js:14
document_classification.js:1 Uncaught (in promise) Error: Network Error
at e.exports (document_classification.js:1)
at XMLHttpRequest.d.onerror (document_classification.js:1)
It looks like the fetch that's causing the issue is a Django Rest Framework pagination link and that the Django server is unaware that it's hosted behind HTTPS. You may have to set the SECURE_PROXY_SSL_HEADER in order for client-side https to work with pagination (configuration change).
Alternatively, it's also possible to post-process the URLs we receive in Vue from the DRF pagination and always use the frontend origin to make the request instead of the explicit origin specified in the link (code change).
@armanrahman22 and @fnocera are working on a pull request that implements the second approach I mentioned above. The fix should be ready soon.
https://github.com/chakki-works/doccano/pull/328 fixes the mixed content issue.
Most helpful comment
@armanrahman22 and @fnocera are working on a pull request that implements the second approach I mentioned above. The fix should be ready soon.