AnsweredAssumed Answered

Subpanel select not work due to mixed page content (https vs http)

Question asked by Ramblin Ramblin on Mar 23, 2014
Latest reply on Mar 13, 2018 by Dan Soper
I am on CE 6.5.16

I connect to my SugarCRM instance over https and, if I clear cache I will find that the select button in my subpanels does not work.  It takes me through all the steps, showing the pop-up window and everything, but when you click on the final link/submit, it just does not do it.

In a previous post in the old forum, a user on 6.5.13 asked about the same problem they started having once Firefox went past v23 (now on 28 with same issue).

 

      Hello,

in our SugarCRM 6.5.13 installation, suddenly the selection of records
in a subpanel does not work. This is for all kinds of relationships,
e.g. assigning a customer to an opportunity, or an opportunity to a
customer.

All I changed was to run "Repair Roles" from the Admin section, trying to fix another problem.

There are no Javascript errors visible when you click on a record in the
  Select popup. The popup just closes, but the relationship is not
created.

Do you have any idea where I could look to solve this? Thank you!

Edit: Contrary to what I first thought, there is a JS
  error visible in Firebug. It says that Loading of mixed active content
from "http://yui.yahooapis.com/combo?3.3.0/build/oop/oop-min.js&3.3.0/build/event-custom/event-custom-base-min.js&3.3.0/build/io/io-base-min.js" was blocked. This is because we are using https for our SugarCRM installation, and Firefox won't load JS through http then. The loading occurs from <script type="text/javascript" src="cache/include/javascript/sugar_grp1_yui.js?v=.......">, in which file I can definitely find the http:// URL. How can I tell it to use https://?


 


      Last edited by sunside; 2013-09-19 at 04:07 PM.

   

The issue was with an attempt by the SugarCRM code to load javascript via http (insecure) while the connection was made over https.  This attempt to force mixed-page-content on the browser used to work, but newer versions of Firefox (and ie and Chrome as I understand it) block mixed-content pages by default.

The solution proposed was to disable Ajax, but that is a work-around, not a fix and it does impose performance penalties on the users.

In the browser, you can disable the mixed-page content block for all web pages, but that is NOT a good idea, since some hackers used this"loophole" to do nefarious things.  You used to be able to allow mixed-content pages on a per-page basis but that is no longer available.

The real solution is to have the site code make the javascript calls so they use the protocol (https or http) that was used to make the connection, not a hard-coded http (or https) selection.

I tried going to my 6.5.16 site using http and the select feature in the subpanel worked.  So it looks like the mixed-page javascript loading is still an issue.

The one I was testing on was the Contacts subpanel in the Accounts detailview, but I am willing to bet the issue is more wide spread than that.

So yes, I am assuming the SugarCRM code hard-codes the javascript call to use http.

Is there an awareness of this in SugarCRM and if so, is there a way to fix the javascript call code locally - as opposed to waiting for the new bug-fix release?  If so, can you give detailed instructions of what file/directory to go to and what code to change?

Outcomes