Plugin update check not working if redmine is viewed over https
|Assignee:||Jean-Philippe Lang||% Done:|
Chrome silently blocks any request to insecure sites:
[blocked] The page at 'https://<servername>/admin/plugins' was loaded over HTTPS, but ran insecure content from 'http://www.redmine.org/plugins/check_updates?<plugin info>': this content should also be loaded over HTTPS.
This causes breaks the plugin update checker. redmine.org should be accessible over https and the check should use the secure site if https is selected in the redmine settings. I'd also like to note that redmine.org is transmitting username and password unencrypted which is really bad!
#4 Updated by Florian Kaiser about 6 years ago
- File redmine-1.6.1-update_check_https.patch added
This is still unfixed in Redmine 2.6.1 since it still sends the request using http://
I recommend using an protocol relative url so it chooses automatically between http and https depending on what is used for Redmine.