Here's what's going on according to my testing: - /blue/js-extensions/ is the only affected resource - The page attempts to load https://example.com/blue/js-extensions (NB: no trailing slash) - This results in a 302, redirecting to Location: http://example.com/blue/js-extensions/ (NB: trailing slash, but no HTTPS) - If I'm visiting this location directly, HSTS will send me (307) to https://example.com/blue/js-extensions/ (finally, the working URL), but HSTS doesn't seem to be applied to <script src> by UAs (or at least not consistently).
Why https://example.com/blue/js-extensions redirects to http://example.com/blue/js-extensions/ and changes the protocol, I'm not sure. There doesn't seem to be anything in my nginx config about trailing slashes specifically. I am using `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`. Like the other respondents, I've been using HTTPS Jenkins for years, have the correct protocol in the 'Jenkins Location' setting, and all the other assets on /blue/ (e.g. blueorigin.js or blueorigin.css) are being loaded over HTTPS correctly. Regards, Dom On Thursday, 28 July 2016 10:45:36 UTC+12, Michael Neale wrote: > It's hard to say, it could be a quirk of proxy settings. The resources > don't specify any absolute paths that I can tell. > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/465f8736-b0ee-426b-ac01-953f61e99951%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
