Reverse proxy: tracker.min.js blocked from loading (strict-origin-when-cross-origin)

Created on 18 December 2024, 5 days ago

Problem/Motivation

The "tracker.min.js" is blocked by Chrome. I noticed this in the Chrome dev tools console. The message: "blocked:mixed-content".

The site is being served via "https://example.com" but the console reports it trying to load from "http://example.com/modules/contrib/visitors/js/tracker.min.js" (http instead of https) which is why Google is blocking the script from being loaded.

My setup is probably more convoluted than others. I have a Nginx reverse proxy (which provides the https via letsencrypt) which then passes the traffic to a "drupal:11" Docker container running the site (which is apache).

Steps to reproduce

I was able to reproduce the issue on my dev machine, although the issue is not https vs http, but rather that the port being served is 8080 externally and 80 internally. The following instructions should allow you to reproduce in your own environment, provided you have docker and docker-compose installed. I'm assuming that a shell is being used.

  1. Create a directory "test_visitors"
  2. In "test_visitors" create the file "docker-compose.yml" and copy the text for the compose file (see below)
  3. Still in the "test_visitors" run the command: docker compose up
  4. Open a browser and point it to "http://localhost:8080". Setup a drupal site. Note, the database settings are, database=drupal, user=postgres, password=example, Advanced \ host=postgres, Advanced \ port=5432. The other settings shouldn't matter too much (i think), but at the end you should be logged in as the site admin.
  5. In another terminal window, run the command (to get to the container shell): docker exec -it drupal_test /bin/bash
  6. In the container shell, run the following commands:
    • apt update
    • apt install git -y
    • composer require 'drupal/visitors:^2.x-dev'
    • composer require 'drush/drush'
    • drush cr
    • exit
  7. In the Drupal admin, install visitors and then configure it.
  8. Load the drupal site in a browser that is not authenticated (http://localhost:8080). Open the Chrome debug console to the Network tab and notice that "tracker.min.js" does not load. Note: if you open the debug after loading the page, you will need to reload the page to see the Network populate with information.

docker-compose.yml

version: '3.1'
services:
  drupal:
    image: drupal:11
    container_name: drupal_test
    ports:
      - 8080:80
    volumes:
      - /var/www/html/modules
      - /var/www/html/profiles
      - /var/www/html/themes
      - /var/www/html/sites
    restart: always
  postgres:
    image: postgres:16
    environment:
      POSTGRES_PASSWORD: example
    restart: always

Proposed resolution

Remaining tasks

User interface changes

API changes

Data model changes

πŸ› Bug report
Status

Active

Version

2.0

Component

Code

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

Production build 0.71.5 2024