Insecure content in the login form

_zg_r T_rker · ‎06-15-2017

We installed a new instanec on premise on our cloud environment. However when I try to login I get "This page is trying to load scripts from unathenticated sources" In detailed exploration I find

"Mixed Content: The page at 'https://xxx.yyy.com/' was loaded over HTTPS, but requested an insecure form action 'http://xxx.yyy.com/login_redirect.do?sysparm_stack=no'. This request has been blocked; the content must be served over HTTPS."

We use load balancer for SSL ofloading 302 redirect (http request s redirectted to https)

Is there something wrong in load balancer configuration or should I try it to solve in the instance properties?

Thanks in Advance,

í–zgür

_zg_r T_rker · ‎06-15-2017

The problem lies Load balancer's 302 redirect rule. The rule below should be added to load balancer:

when HTTP_RESPONSE {

if { [HTTP::is_redirect] } {

if { [string tolower [URI::host [HTTP::header Location]]] conta

ins "<yourdomain.com>" and [URI::protocol [HTTP::header Location]] equals "http"

} {

HTTP::header replace Location [string replace [HTTP::he

ader Location] 0 3 https]

}

View solution in original post

Dave Smith1 · ‎06-15-2017

It looks like not all URLs are https:// enabled - so the browser is giving a warning that plain-text content is being requested for an encrypted session.

Flag it up to the team that did the on-premise installation - they should be able to fix the issue.

_zg_r T_rker · ‎06-15-2017

I did the on premise installation, so that I should fix it. However I only do the steps described in "ServiceNow KB Deployment Guide (KB0563731).pdf" document. It looks like an load balancer issue, it exists after load balancer 302 redirect configuration, but I should prove it.

Regards,