Fix Mixed Content Issue on Bot Selection Page by Enforcing HTTPS Endpoints#207
Open
sundar410 wants to merge 1 commit intoOpenNyAI:mainfrom
Open
Fix Mixed Content Issue on Bot Selection Page by Enforcing HTTPS Endpoints#207sundar410 wants to merge 1 commit intoOpenNyAI:mainfrom
sundar410 wants to merge 1 commit intoOpenNyAI:mainfrom
Conversation
… on Bot selection page
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request resolves a mixed-content error observed on the Bot selection page. The issue was caused by some API endpoints being constructed with an HTTP scheme (e.g., http://XXX/v2/bot/...) even when the page was loaded over HTTPS. Browsers were consequently blocking these insecure requests.
Before:
The BotSettings.tsx file was using a variable for the API host that sometimes included an HTTP URL, causing mixed-content warnings/errors.
For example, API calls like http://XXX/v2/bot/ were made when the site was served securely over HTTPS, resulting in blocked requests.
After:
The API endpoint references in BotSettings.tsx have been updated to force HTTPS— so that all calls to /v2/bot and /v2/channel are made securely.
The changes ensure that all API calls are constructed with the HTTPS protocol, thereby preventing mixed-content issues.
Changes Made in BotSettings.tsx:
Updated API endpoint URLs by replacing any instance of http://XXX with secure endpoints (https://XXX), ensuring that the API host is always using HTTPS.
Introduced (or adjusted) the logic to enforce HTTPS when building API URLs.
Verified that all calls to bot and channel endpoints now use secure URLs, resolving the mixed-content error.
Testing:
Locally verified with browser Developer Tools that all API requests from BotSettings.tsx are now made over HTTPS.
Confirmed that the Bot selection page no longer shows mixed-content errors, and all related functionalities (bot selection, channel update, deletion) work as expected.
Ref: https://stackoverflow.com/questions/70351360/keep-getting-307-temporary-redirect-before-returning-status-200-hosted-on-fast