I have Tutor running under https, but in the indigo theme somehow the (hidden) site logo is loaded with an absolute URL starting with “http://”. Some browsers (FF, Vivaldi…) don’t like this, and show the site as insecure. Tried to find out where to change this, but couldn’t figure it out (except from eliminating the corresponding code in the template).
Hi @insad! I do not observe the same behaviour. For instance, on the demo site, the organization logo is loaded from https://demo.openedx.overhang.io/static/indigo/images/logo.9653eb7aabef.png.
Do you still face this issue? Which tutor version are you running?
Latest version of Tutor and Indigo. The logo at the top of the page is ok, it’s about the logo in the footer (that isn’t shown anyway in Indigo as the surrounding div has a style of display:none)
Can you please check whether you can reproduce the issue on https://demo.openedx.overhang.io? If yes, can you share a screenshot of the source code?
In your demo the logo in the footer is linked correctly with https… though a relative url instead of an absolute one would be better… No idea what could be wrong at my side, will try to dig deeper in the code to find out.
Where can I find the config.yml file you used for your demo site (without the keys of course)? Maybe there is some clue to be found. I’m using Apache2 at the front managing my own letsencrypt certificate and proxying to Tutor (like before the version based on Juniper).
Even so I can also completely remove that part of the footer in my Indigo copy, as the logo isn’t shown at all …
This is almost certainly what is causing the issue. Is your Apache proxy correctly setting the ```
X-Forwarded-Proto header? You might find useful information in this StackOverflow question: django - request.is_secure() always returns false with uwsgi server - Stack Overflow
Yes that was exactly the problem!
Found more info about setting the request header at https://documentation.bloomreach.com/14/library/deployment/configuring/configure-apache-httpd-as-reverse-proxy-for-hippo.html
In Ubunto 20.04, enabled first the headers module with:
a2enmod headers
then added the following line to the virtualhost setting (before ProxyPreserveHost directive):
RequestHeader set X-Forwarded-Proto https
Thank you very much for the hint…