0

For some reason DNN generates url for src of iframe inside every modal for editing module or module settings with different protocol on localhost and prod. On localhost when page is opened via https, iframe also has https url. At the same time on prod when page is opened via https, DNN generates http url there for some reason. As result I'm getting this error in dev tools console:

Mixed Content: The page at "" was loaded over HTTPS, but requested an insecure frame. This request has been blocked; the content must be served over HTTPS.

Found this solution.

Disabling modals would be really stupid solution as I need editing and settings for DNN modules. So I used workaround with meta tag added to a website via PersonaBar.

That fix actually works, but firstly, it's not the most convenient solution. Secondly, it's a crutch. If localhost can generate https link, then it means that prod also can. But why it doesn't? It's a code that is generated by DNN, not by my code. So as result I don't understand right now what's going on about it and why.

P.S. Just in case to clearify what I'm talking about:

  • login as superuser to your website
  • click pencil button to edit page
  • hover over any DNN module
  • click pencil icon "Edit module" or gear icon "Settings" (doesn't matter)
  • that's the modal window with iframe I'm talking about

P.S. I've asked this question at DNN forum yesterday already, but didn't recieve any answers there, so I'm duplicating it here.

Constantine Ketskalo
  • 547
  • 1
  • 6
  • 19

1 Answers1

0

DNN's SSL implementation requires a number of things to be in alignment, however, the following should be correct.

Within the security section SSL needs to be enabled, AND enforced, and the page that you are on also has to have the "Secure" flag set.

This is working for us in all production environments, so you so you should be fine.

(If using SSL Offloading, its a bit more tricky)

Mitchel Sellers
  • 62,228
  • 14
  • 110
  • 173
  • I'm not trying to use http at https page. My goal is to make DNN generate https urls for iframes at https pages and force website to use only https. And yes, I've tried those 3 checkboxes first. Works on my local perfectly. However at prod it causes problem: too many redirects. Not sure for 100% but seems that prod redirects to http and DNN redirects to https and it goes forever. So sysadmin told me that at their hosting only urlrewrite rule in web.config will work. I don't believe that though. I've found a case when a guy said that he had the same problem and source of it was in IIS settings. – Constantine Ketskalo Jun 25 '22 at 14:24
  • He didn't specify which IIS settings caused problem though. So I'm trying to figure that out on my own since looks like host's admin is not going to help me with that... – Constantine Ketskalo Jun 25 '22 at 14:28
  • There are so many variables here that I don't know that we can help pinpoint this without seeing the actual installation in this case. – Mitchel Sellers Jun 27 '22 at 03:19
  • Would listing them be too much to ask? I'd be able to go through them one by one then and then I'd know what to google to research this question more deeply. – Constantine Ketskalo Jun 27 '22 at 13:31