Hi Stuart,

just my 2 cents for discussion. 

I don't think that you have an issue with the SSL Offloading because the call is being done in HTTP and not HTTPS.

Also, you don't have any certificate errors trying to call an application webpage. 

Are you using Lifetime? If so, in the 'Infrastructure' - 'Environment Security', 'Force HTTPS for screens...' option enabled?

Could be something related to this.

Let me know the culprit of this mistery! 

Hi Rui,

Thanks for your response. The problem is the upload control is putting a http link in the HTML, but as Outsystems supports SSL offloading it should not be doing that.  So SSL offloading appears to be working properly, but I would like to know if the Popup_Upload widget works with SSL offloading.

The force HTTPS option is off because we are using SSL offloading which removes HTTPS before it gets to the web server. If force HTTPS is on, it would cause an infinite loop where OutSystems received the HTTP request with SSL removed and redirects the browser to HTTPS, which gets removed again by the reverse proxy.

Have you tried setting your RP to forward the traffic to your servers in HTTPS as well (and then force HTTPS on Lifetime)? SSL offloading will still be used to manage different certificates and most RPs/LBs can ignore certificate errors, for internal traffic, to the web servers (you can even use certificates with a smaller keysizes for that traffic), so you won't have to bother to update all of your web servers whenever a new certificate is installed on the RP. Have seen this quite often.

Hi Arley,

No I haven't tried that.  I don't have control of the infrastructure, I am just working in an environment that is using SSL offloading.

In an interesting development, the upload control appears to be working now, and I am not aware of any changes.

I will update the thread if I find out what has changed to make it work.

Maybe something was left unpublish and not fully refreshed. Once some publish was done, it started working correctly.