Mixed Content - No favicon

roughnecks · February 29, 2024, 12:19am

Hello,

My version of HedgeDoc is: git master
HedgeDoc doesn’t display the favicon, I get this error in console:

Mixed Content: The page at ‘https://pad.domain.tld/’ was loaded over HTTPS, but requested an insecure favicon ‘http://pad.domain.tld/icons/favicon.ico’. This request has been blocked; the content must be served over HTTPS.

This is my nginx conf:

map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
}
server {
        server_name pad.domain.tld;

        location / {
                proxy_pass http://127.0.0.1:3390;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $connection_upgrade;
        }

        location /socket.io/ {
                proxy_pass http://127.0.0.1:3390;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $connection_upgrade;
        }

    listen [::]:443 ssl http2;
    listen 443 ssl http2;
    ssl_certificate /etc/letsencrypt/live/pad.domain.tld/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/pad.domain.tld/privkey.pem;
}

And this is my HD config:

{
    "production": {
        "domain": "pad.domain.tld",
        "port": 3390,
        "loglevel": "debug",
        "sessionSecret": "sekret",
        "email": false,
        "allowEmailRegister": false,
        "db": {
            "dialect": "sqlite",
            "storage": "./db.hedgedoc.sqlite"
        }
    }
}

Thanks

ErikMichelson · February 29, 2024, 9:45am

Hi @roughnecks and welcome to the HegdeDoc community!

As already stated in the chat room, this is probably caused by a missing protocolUseSSL statement in your config.
Be sure to follow the reverse proxy guide.

Kind regards,
Erik

roughnecks · February 29, 2024, 9:56am

Yeah, fixed already
Forgot to update here, thanks again.