covers/images are not loading with https
/label Type: Bug Status: Need triage
Steps to reproduce
- Visit the page at https://example.com/library/albums
- See on the log of Firefox
- Covers ore Images are not loading with https
What happens?
The side are not loading covers and image over a Reverse Proxy with Apache2 on https. Only http.
If you load the side with artist or play a song on the side, you see no cover or images from this one, because this one is loaded only with http on the code.
What is expected?
Context
See on the developerment on Mozilla Mixed Content
If loaded the side, you see on the debugger the following error for Images:
Mixed (unsafe) Screen-content from "http://exapmle.com/media/__sized__/albums/covers/2019/08/25/asdfvsdfvdsfsdf-crop-c0-5__0-5-400x400-70.jpg" are loading on a safe site]
This one need https.
My Apacheconfig is the following:
Define funkwhale-sn example.com
Define funkwhale-api http://localhost:5000
Define funkwhale-api-ws ws://localhost:5000
Define MUSIC_DIRECTORY_PATH /srv/funkwhale/data/music
#Port 80
<VirtualHost *:80>
ServerName example.com
RedirectPermanent / https://example.com/
# Default is to force https
RewriteEngine on
RewriteCond %{SERVER_NAME} =${funkwhale-sn}
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
SSLEngine on
SSLProxyEngine on
SSLCertificateFile "*"
SSLCertificateKeyFile "*"
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
H2Direct on
# Path to ErrorLog and access log
ErrorLog ${APACHE_LOG_DIR}/funkwhale/error.log
CustomLog ${APACHE_LOG_DIR}/funkwhale/access.log combined
# Configure Proxy settings
# ProxyPreserveHost pass the original Host header to the backend server
ProxyVia On
ProxyPreserveHost On
<IfModule mod_remoteip.c>
RemoteIPHeader X-Forwarded-For
</IfModule>
# Turning ProxyRequests on and allowing proxying from all may allow
# spammers to use your proxy to send email.
ProxyRequests Off
<Proxy *>
AddDefaultCharset off
Order Allow,Deny
Allow from all
</Proxy>
<Location "/">
# similar to nginx 'client_max_body_size 100M;'
LimitRequestBody 104857600
ProxyPass ${funkwhale-api}/
ProxyPassReverse ${funkwhale-api}/
</Location>
<Location "/federation">
ProxyPass ${funkwhale-api}/federation
ProxyPassReverse ${funkwhale-api}/federation
</Location>
# You can comment this if you don't plan to use the Subsonic API
<Location "/rest">
ProxyPass ${funkwhale-api}/api/subsonic/rest
ProxyPassReverse ${funkwhale-api}/api/subsonic/rest
</Location>
<Location "/front">
ProxyPass "!"
</Location>
Alias /front /srv/funkwhale/front/dist
<Location "/media">
ProxyPass "!"
</Location>
Alias /media /srv/funkwhale/data/media
<Location "/staticfiles">
ProxyPass "!"
</Location>
Alias /staticfiles /srv/funkwhale/data/static
# Activating WebSockets
<Location "/api/v1/activity">
ProxyPass ${funkwhale-api-ws}/api/v1/activity
</Location>
# Setting appropriate access levels to serve frontend
<Directory "/srv/funkwhale/data/static">
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<Directory /srv/funkwhale/front/dist>
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<Directory /srv/funkwhale/data/media>
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
# XSendFile is serving audio files
# WARNING : permissions on paths specified below overrides previous definition,
# everything under those paths is potentially exposed.
# Following directive may be needed to ensure xsendfile is loaded
#LoadModule xsendfile_module modules/mod_xsendfile.so
<IfModule mod_xsendfile.c>
XSendFile On
XSendFilePath /srv/funkwhale/data/media
XSendFilePath ${MUSIC_DIRECTORY_PATH}
SetEnv MOD_X_SENDFILE_ENABLED 1
</IfModule>
</VirtualHost>
I think can solved this one with a Rewrite Rule. Any idea?
Funkwhale version(s) affected: 019.1
- Mozilla Firefox 68.0
- Instance configuration (non-docker without ansible, apache as proxy, Modsecurity2 OWASP Rules)