Richwidgets popup_upload and https?

Hi all, 

I have a (very annoying) problem using HTTPS screens / flows.

If I set the HTTP security property of a webflow / screen to HTTPS after the initial publish, the screens with popups in them (to the richwidgets popup_upload screen) stop loading - the loading indicator keeps spinning in the popup. If I inspect the generated HTML I see that the URL to the screen is http://myserver instead of https://myserver.

If I inline edit the HTML the popup works. Richwidgets has the security property of the screenflow explicitly set to none. Could that be the problem? 

The only workaround seems to be setting all screens with a link to the upload screen to HTTP security: none, which of course is very undesirable...

Does anybody have a fix for this?
Hi,

what version of the platform, richwidgets etc. are you using?

Hans -

The popups and the screens calling them must have the same HTTPS setting. The platform is not smart enough to notice that it is dishing the base page as HTTPS and therefore the link to the popup must be HTTPS as well, so if you leave the popup to "blank" security it will be HTTP on an HTTPS page, and the browser will block it.

The solution is to make the popup explicitly HTTPS as well.

I've complained about this a few times now over the years...

J.Ja
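
Added example, not part of the thread and not OutSystems or RichWidgets code: a Python check that scans a screen's generated HTML for the condition described above, an `http://` URL on a page served over `https://`. The host `myserver` and the popup path come from the thread; the `/MyApp/...` paths, the sample markup, and the assumption that the popup link is rendered as an anchor or iframe URL are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes whose URL the browser fetches into the page (assumed list, not exhaustive).
LOADING_ATTRS = {("iframe", "src"), ("script", "src"), ("img", "src"),
                 ("link", "href"), ("form", "action")}


class MixedContentFinder(HTMLParser):
    """Collects http:// URLs referenced by a page that is served over https://."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.findings = []  # (tag, attribute, absolute URL, reason)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if not value:
                continue
            # Resolve relative URLs first: they inherit the page's https scheme.
            target = urlsplit(urljoin(self.page_url, value.strip()))
            if target.scheme != "http":
                continue
            if (tag, name) in LOADING_ATTRS:
                self.findings.append((tag, name, target.geturl(), "loaded by the page"))
            elif (tag, name) == ("a", "href") and target.hostname == self.page_host:
                # A same-host link that drops to http matches the popup link in the thread.
                self.findings.append((tag, name, target.geturl(), "same-host link downgraded"))


def find_mixed_content(page_url, html):
    """Return findings for an https page; an http page cannot have mixed content."""
    if urlsplit(page_url).scheme != "https":
        return []
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample markup; only the host and popup path appear in the thread.
SAMPLE = """
<a href="http://myserver/RichWidgets/PopUp_Upload.aspx">Upload</a>
<a href="/MyApp/Home.aspx">Home</a>
<iframe src="http://myserver/RichWidgets/PopUp_Upload.aspx"></iframe>
<a href="http://example.org/docs">External docs</a>
"""
```

Running `find_mixed_content` over the saved HTML of each HTTPS screen after a publish shows which popup links still point at the HTTP version of the screen.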
Hi Justin, 

for now I've cloned the popup upload from richwidgets and made an HTTPS version. Thanks for the confirmation of what I thought was the issue/solution.

Hans
Hi

Do you know if this is fixed in the latest version of the platform?

thank you
António Barroso
Justin James wrote:
Hans -

The popups and the screens calling them must have the same HTTPS setting. The platform is not smart enough to notice that it is dishing the base page as HTTPS and therefore the link to the popup must be HTTPS as well, so if you leave the popup to "blank" security it will be HTTP on an HTTPS page, and the browser will block it.

The solution is to make the popup explicitly HTTPS as well.

I've complained about this a few times now over the years...

J.Ja
Just adding a note: In a reverse proxy scenario with SSL Offload you should be careful, since OutSystems recommends that all application screens and web flows must have HTTP Security set to ‘None’.
André Siébra wrote:
Justin James wrote:
Hans -

The popups and the screens calling them must have the same HTTPS setting. The platform is not smart enough to notice that it is dishing the base page as HTTPS and therefore the link to the popup must be HTTPS as well, so if you leave the popup to "blank" security it will be HTTP on an HTTPS page, and the browser will block it.

The solution is to make the popup explicitly HTTPS as well.

I've complained about this a few times now over the years...

J.Ja
Just adding a note: In a reverse proxy scenario with SSL Offload you should be careful, since OutSystems recommends that all application screens and web flows must have HTTP Security set to ‘None’.
 
In that case, this is a non-issue that won't come up in the first place. :)

J.Ja

Hi,

I had the same issue. Quick workaround:

1. Create new ExternalSite with /RichWidgets/PopUp_Upload.aspx

2. Find and replace RichWidgets screen usages by newly created ExternalSite