I am using Nginx as a reverse proxy, we are adding TLS to a back end application and are handling redirects port 80 http to 443 https. Works great for several sites and 95% for an enterprise application.
For that application it occasionally issues a 302 redirect with a relative url such as Location: /something/
Apparently Nginx is seeing this and adding <scheme>://<host>/something to fetch that content. Both firefox and chrome then flag a mixed content warning and don't load that section unless the user clicks allow it. The F12 console contents look like this:
Mixed Content: The page at 'https://<host>/something' was loaded over HTTPS, but requested an insecure resource 'http://<host>/something'. This request has been blocked; the content must be served over HTTPS.
The vendor I'm working with found this topic which sounds sort of like what's happening: https://stackoverflow.com/questions/33523821/how-to-issue-a-relative-url-redirect-from-nginx
So is there something I can add to my config file to allow nginx to pass the relative URL instead of the full scheme/host/url?
For that application it occasionally issues a 302 redirect with a relative url such as Location: /something/
Apparently Nginx is seeing this and adding <scheme>://<host>/something to fetch that content. Both firefox and chrome then flag a mixed content warning and don't load that section unless the user clicks allow it. The F12 console contents look like this:
Mixed Content: The page at 'https://<host>/something' was loaded over HTTPS, but requested an insecure resource 'http://<host>/something'. This request has been blocked; the content must be served over HTTPS.
The vendor I'm working with found this topic which sounds sort of like what's happening: https://stackoverflow.com/questions/33523821/how-to-issue-a-relative-url-redirect-from-nginx
So is there something I can add to my config file to allow nginx to pass the relative URL instead of the full scheme/host/url?