Jump to content
Welcome to our new Citrix community!

Any way to fix a Chrome "Mixed Content" issue on the NetScaler side?


Melinda Deering

Recommended Posts

My ADC VPX is running NS12.1 57.18.nc and load balancing an app that recently started throwing an error in Chrome about insecure form content. A quick Google search indicates a new feature of Chrome will cause this: https://blog.chromium.org/2020/08/protecting-google-chrome-users-from.html. Of course the developers are all hopping up and down and blaming the load balancer and telling me I need to fix this. I am understandably reluctant to accommodate http requests, and wondering if there is a more secure workaround for this problem. And they really should rewrite their code.

Link to comment
Share on other sites

I think, that won't work, as the browser has to submit via HTTP before it actually gets a redirect to SSL.

 

In fact, it's the application guilty. It uses absolute links, containing http://... instead of https://...

 

Of course, you may fix this from ADC. Crerate a rewriting policy, type response, rewriting all http://mydomain.test/... to https://mydomain.test/...

Mind: You have to enable the feature HTTP compression to make this working, as compressed HTTP responses don't contain the search string!

 

Greetings from Austria

 

Johannes Norz

CTA, CCI, CCE-N

https://norz.at

https://wonderkitchen.network

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...