"HTTPS connection required" in mobile application

"HTTPS connection required" in mobile application

  

We have started developing a new mobile application using P10, but cannot run it (in preview). This is the error we are getting:


HTTPS connection required.
   at OutSystems.RESTService.Controllers.RestServiceApiController.ValidateRequestSecurity()
   at OutSystems.RESTService.Controllers.ModuleServicesApiController.Log(LogMessage[] logs)


I don't even know what this stack trace is, this is some platform thing. All our applications are using HTTPS, mobile application doesn't seem to have any config about this. Also this happens no matter if the screen requires roles or does not.

Any ideas?


Hi Igor,


Is the preview being accessed via https in the browser? Does it work outside the preview and in the mobile device?

That error usually means one of two things:

 - The page is not being accessed via https in the browser.

 - In setup with load balancers with SSL Offloading the configurations are wrong (so the server does not understand that the ssl was offloaded by the load balancer). 


Regards,

João Rosado

João Rosado , yes there is https in the browser, in both cases (preview and direct), in both cases there is the same error. I didn't check on real mobile.

Regarding SSL offloading - our administrator says everything is set up properly.

Is there some configuration inside of the application that should be set? Like "HTTP Security" for web screens . I couldn't find any.

There is no configuration to turn it on/off because it is always mandatory for mobile applications.


Can you do a little test to see if there a problem with the offloading?

In a Web module add a REST Service and set the security to SSL/TLS. In the service add a GET method. See if you can call that method url in the browser or if ut gives the same error as the mobile aplication.


Regards,

João Rosado

João Rosado , I did it and got the same error:

{"Errors":["HTTPS connection required."],"StatusCode":403}

So what does this mean?

Solution

Hi,


All points to the SSL Offloading not being correctly configured.

I recommend reading carefully the steps 2-4 in the End-to-end SSL and SSL Offloading documentation.

Also to note that the header values there are examples. They may differ depending on what is configured on the load balancer and will need to be ajusted to match. Without that configuration the platform does not understand if a request was offloaded or not, so it behaves as if only http is being used.


Regards,
João Rosado

Solution

João Rosado , thank you! I've given this link to our admin, he did something, and now it works.