[dspace-tech] http in API responses (blocked as mixed content)

Fri, 28 Jul 2023 04:51:08 -0700 

Hi Team,
please could you help us with installation - setting the access to https only. 


We have backend and frontend on the same server (eduo.osu.cz), backend 
calls are redirected by apache proxy to localhost:8080 tomcat port.


In local.cfg, we have set: dspace.server.url = https://eduo.osu.cz/server

When I open the DSpace homepage, primary API calls are correct, like
https://eduo.osu.cz/server/api   [HTTP/1.1 200  75ms]

Still, the API calls that contain uri parameter, like

https://eduo.osu.cz/server/api/authz/authorizations/search/object?uri=http://eduo.osu.cz/server/api/core/sites/0f53bf85-4114-4307-9813-d1cbeea2cf33&feature=isCollectionAdmin&embed=feature


have http:// protocol in the uri argument value. These requests are 
blocked by API/backend:



# curl 
'http://localhost:8080/server/api/authz/authorizations/search/object?uri=http://eduo.osu.cz/server/api/core/sites/0f53bf85-4114-4307-9813-d1cbeea2cf33&feature=isCollectionAdmin&embed=feature'
{"timestamp":"2023-07-28T11:40:05.876+00:00","status":400,"error":"Bad 
Request","message":"Request is invalid or 
incorrect","path":"/server/api/authz/authorizations/search/object"}[root@eduard 
config]#



If I manually change the ?uri to uri=https://..., I get the correct API 
answer:


https://eduo.osu.cz/server/api/authz/authorizations/search/object?uri=https://eduo.osu.cz/server/api/core/sites/0f53bf85-4114-4307-9813-d1cbeea2cf33&feature=isCollectionAdmin&embed=feature
    OR

curl 
'http://localhost:8080/server/api/authz/authorizations/search/object?uri=https://eduo.osu.cz/server/api/core/sites/0f53bf85-4114-4307-9813-d1cbeea2cf33&feature=isCollectionAdmin&embed=feature'

{
  "_links" : {
    "self" : {

      "href" : 
"http://localhost:8080/server/api/authz/authorizations/search/object?uri=https://eduo.osu.cz/server/api/core/sites/0f53bf85-4114-4307-9813-d1cbeea2cf33&feature=isCollectionAdmin";

    } ... ...



Please, don't you have any idea, which settings etc. causes the "http:" 
in uri argument, or how to change it to https?



Thank you a lot in advance for any response!

Best!

Matyas F. Bajger

library systems administrator
University of Ostrava - University Library
https://library.osu.eu

--
All messages to this mailing list should adhere to the Code of Conduct: 
https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx

--- 
You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group.

To unsubscribe from this group and stop receiving emails from it, send an email 
to dspace-tech+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/dspace-tech/55b039c0-b998-bcbb-363f-b57a06599d44%40seznam.cz.






















					Reply via email to