Reset password form - protocol mismatch

Created November 13, 2023 07:30

Hi,

I have a problem with the reset password form. The change password email include a link to the reset password form with https prefix, eg.
https://jbspace.domain.com/oauth/auth/enter/xxxxx but on this page, form action links to page with only http protocol eg. http://jbspace.domain.com/oauth/auth/changePassword. This cause an error after the the Change password button is pressed:

Mixed Content: The page at 'https://jbspace.domain.com/' was loaded over HTTPS, but requested an insecure form action 'http://jbspace.domain.com/oauth/auth/changePassword'. This request has been blocked; the content must be served over HTTPS.

Any ideas how to solve this issue?

3 comments

Apollo323au

Created March 07, 2024 00:55

Hi!

Can I bump this please? I'm having the same issue.

Otherwise, was there a solution?

Oleg Beriashvili

Created March 07, 2024 09:45

Apollo323au,

The issue was caused by the mismatch of the URL specified in the altUrls config parameter. If you experiencing the same issue, please try to remove all URLs from that field and leave only one matching the URL specified as the URL parameter of the frontend block.

Apollo323au

Created March 07, 2024 11:53

Thanks for that - no luck unfortunately.

Perhaps I need an upgrade - I'm running 2023.1.1 so I'll try bumping up to 2023.3.3 and see if that helps.

Please sign in to leave a comment.