[CKEditor.Reactive] Exposed REST service returns "HTTPS connection Required"
Question
ckeditor-reactive
Forge component by Fábio Fantato

We are using CKEditor Reactive in an application.


In the Development server, we are able to call the Download method of the rest API using HTTP protocol, but in the Integration server, the same call returns the HTTPS connection Required. If we use HTTPS the call works in both environments.

As to why this API is being called with the HTTP protocol, we are using the HTML generated by CKEditor to send emails, and if we embed an image in the editor (which causes the image URL to be saved as a relative URL), in the development environment the email will be sent without issue, but in the integration environment the email fails because the call to the API to download the image fails. (since the call is internal, Outsystems will default to HTTP connection for internal calls and we get the error message).


I have checked Lifetime for the security configuration (Force HTTPS for exposed integrations in Web Applications) and both environments have this setting turned off.


Both environments have the same version of the forge component installed. I am not sure if this is a problems with the component or the server, but this is causing issues to tests being done in the integration environent.


Has anyone come across this issue? Is there some configuration i might check on the servers that might be causing this issue, other than the Force HTTPs setting?

Hello Sergio,

A few questions to better understand your situation:

1. Where is OutSystems installed in the Integration environment? for e.g. on premises, in a private cloud? 

2. How are you running the tests in Integration environment when the errors are encountered? For e.g. are these executing in Service Studio or using a CICD tool like Teamcity or CircleCI etc.

2. Is your integration environment open to access from outside your network while the Development is not?

Regards,

AJ

Hello AJ.

Thanks for the reply. As for the answers to your questions:

1. All infrastructures are On-Prem (Dev and Int)

2. Tests are manually run using the application when sending an email using these images. I've also done the test acessing the download URL directly from inside the servers using Internet Explorer.

3. No, neither environment is acessible from the outside my network.

Thank you Sergio,

By the way, if not already done, I would recommend opening a support ticket with OutSystems for a faster resolution.

You had mentioned that in LifeTime the 'Force HTTPS for exposed integrations in Web Applications' setting is turned off in Integration (and Dev) but how about the other 2 settings namely -
Enable "HTTP Strict Transport Security (HSTS)"  and "Force HTTPS for screens in Web Applications"?

If these are turned On have you tried turning these Off one at a time?

Regards,

AJ

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.