We use Nginx as a reverse proxy for our web applications, and the server configuration routes all traffic to HTTPS. From time to time, in some browsers, calls were returning 308 errors:

the page was loaded over https but requested an insecure xmlhttprequest endpoint 

After some searching and a few configuration changes, we found a setting that solves the problem:

   add_header 'Content-Security-Policy' 'upgrade-insecure-requests';

A more detailed discussion can be found on ServerFault.
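
For context, here is how that header can sit in a complete reverse-proxy setup. This is an added example, not the configuration from our server: the host name, certificate paths and backend address are placeholders, and the port-80 redirect is an assumed shape of the HTTPS routing described above.

```nginx
# Added example. example.com, the certificate paths and 127.0.0.1:8080
# are placeholders, not values from the original setup.

# Plain HTTP: send everything to HTTPS (assumed shape of the redirect).
server {
    listen 80;
    server_name example.com;
    return 308 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate     /etc/nginx/tls/example.com.crt;
    ssl_certificate_key /etc/nginx/tls/example.com.key;

    # Ask the browser to rewrite http:// subresource and XMLHttpRequest
    # URLs to https:// before it sends them. "always" also sets the header
    # on error responses (4xx/5xx), not only on successful ones.
    add_header Content-Security-Policy "upgrade-insecure-requests" always;

    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        # Pass the original scheme so the backend can build https:// URLs.
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /api/ {
        # A block that defines its own add_header does not inherit the
        # server-level ones, so the CSP header has to be repeated here.
        add_header Cache-Control "no-store" always;
        add_header Content-Security-Policy "upgrade-insecure-requests" always;

        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Validate the file with `nginx -t` before reloading, then confirm in the browser's network tab that every response, including those under `/api/`, carries the `Content-Security-Policy` header.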
