Reputation: 1610
How to fix HTTPS-HTTP mixed content error in JSP redirection in a java web application
I am using a DNS url (https) which is a load balancer url for my web application which is hosted in Weblogic server. When I hit the url in chrome and I can do a successful login. Then when I am trying to click on some button from the page , say some view/edit button, there is no response. When I debugged I found it is due to mixed content issue in chrome. Yes I don't face any issue in IE and Firefox for the same.
When I am using the raw http url in stead of the DNS url, I have no issues.
Now, I want to fix this issue in my jsp itself. But I am not sure about the code changes that I need to make.
Following are the URLs that I get from network trace :
Console URL : https://dns-host/myapp/console.jsp
Request URL : https://dns-host/myapp/editWorkSelector.jsp?workid=1234©work=view
Referer : https://dns-host/myapp/workDataScr.jsp?workname=null
Location : http://dns-host/myapp/workView.jsp
I am trying to go to workView.jsp in my code. Here I face the issue and unable to go to the page.
Here is a sample code :
File : workDataScr.jsp
<td align="center" bgcolor="<%=bgcolor%>">
<a href="editWorkSelector.jsp?workid=<%=id%>©work=view"
onClick="return checkForSystem(this.form,'<%=id%>','<%=type%>','<%=role%>')">VIEW
</a>
</td>
function checkForSystem(form,workid,worktype,role){
form = document.forms[1];
form.action="editWorkSelector.jsp?workid="+workid+"&type="+worktype;
form.submit();
}
File : editWorkSelector.jsp
String workid = request.getParameter("workid");
String copy = (String)request.getParameter("copywork");
String workname = (String)request.getParameter("workname");
WorkData work = workBean.getWork(workid);
response.sendRedirect("workView.jsp");
Here lies the issue, due to mixed content the code flow is unable to reach workView.jsp.
Error :
Mixed Content: The page at 'https://dns-host/myapp/console.jsp' was loaded over HTTPS,
but requested an insecure resource 'http://dns-host/myapp/workView.jsp'.
This request has been blocked; the content must be served over HTTPS.
enter code here
It will be very helpful to know how to fix this issue in my code.
Upvotes: 1
Views: 2038
Answers (1)
Reputation: 1610
We need to redirect the request on conditions properly before executing the below line.
response.sendRedirect("workView.jsp");
Hold the schema/referrer like below :
String scheme = request.getScheme();
String referer = request.getHeader("referer");
It is better to use referrer because schema doesn't always give the desired result. You can check the value in console debugger.
Then execute the redirect on condition like this :
String servername = request.getServerName();
String scheme = request.getScheme();
String referer = request.getHeader("referer");
if(referer.startsWith("https")) {
response.sendRedirect("https://" + servername + "/context-root/" + "workView.jsp");
}else{
response.sendRedirect("workView.jsp");
}
Upvotes: 1
Related Questions
- JSF redirects from HTTPS to HTTP
- Redirecting Not Working with Https
- HTTP to HTTPS redirection issue with Tomcat 8
- Redirect to a 3rd party HTTP page from HTTPS without the certificate error
- How to redirect requests to https from a servlet
- Java Response Redirect from https to http
- How do you properly redirect from an HTTPS page?
- https turns to http when redirecting from one jsp page to other
- redirect from http to https and back to http within java servlet
- Tomcat: Issue with redirecting from HTTP to HTTPS