Doccano: XHR requests always done via http results in mixed content issue

Created on 5 Aug 2019  ·  3Comments  ·  Source: doccano/doccano

I'm serving doccano internally via https. When I used to serve it via http everything worked fine but when I switched to https and I try to annotate new pages of data I get this error in the console.
It seems xhr requests are always being made via http so the content is blocked by default.
Can you please ensure the code can work with both protocols?

document_classification.js:1 Mixed Content: The page at 'https://doccano.example.com/projects/4/#' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://doccano.example.com/v1/projects/4/docs?doc_annotations__isnull=&limit=5&offset=5&q='. This request has been blocked; the content must be served over HTTPS.
(anonymous) @ document_classification.js:1
e.exports @ document_classification.js:1
e.exports @ document_classification.js:1
Promise.then (async)
s.request @ document_classification.js:1
s.<computed> @ document_classification.js:1
(anonymous) @ document_classification.js:1
search @ document_classification.js:8
nextPage @ document_classification.js:8
t @ document_classification.js:14
Pr.t._withTask.o._withTask @ document_classification.js:14
document_classification.js:1 Uncaught (in promise) Error: Network Error
    at e.exports (document_classification.js:1)
    at XMLHttpRequest.d.onerror (document_classification.js:1)
question
Source
picture miskolc

Most helpful comment

@armanrahman22 and @fnocera are working on a pull request that implements the second approach I mentioned above. The fix should be ready soon.

picture c-w on 6 Aug 2019
🎉2

All 3 comments

It looks like the fetch that's causing the issue is a Django Rest Framework pagination link and that the Django server is unaware that it's hosted behind HTTPS. You may have to set the SECURE_PROXY_SSL_HEADER in order for client-side https to work with pagination (configuration change).

Alternatively, it's also possible to post-process the URLs we receive in Vue from the DRF pagination and always use the frontend origin to make the request instead of the explicit origin specified in the link (code change).

c-w picture c-w on 5 Aug 2019

@armanrahman22 and @fnocera are working on a pull request that implements the second approach I mentioned above. The fix should be ready soon.

c-w picture c-w on 6 Aug 2019
🎉2

https://github.com/chakki-works/doccano/pull/328 fixes the mixed content issue.

c-w picture c-w on 9 Aug 2019
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

ayrtondenner picture ayrtondenner  ·  3Comments
callmeashish picture callmeashish  ·  3Comments
atakanokan picture atakanokan  ·  4Comments
Srijha09 picture Srijha09  ·  4Comments
attenton picture attenton  ·  3Comments