JsAPI embedded reports over ssl proxy
11 March, 2016
Hello
I have an issue with embedded reports using JsAPI. Our Yellowfin installation is hosted on Tomcat, while our own application embedding Yellowfin reports is hosted on a different web server. They are both exposing a http connector (not https).
These are fronted by a proxy server that handles ssl and proxies all the requests.
The request to our app page that embeds a report is made over https; at that time, the Yellowfin JsAPI is uploaded and injected (at runtime, as the location of the Yellowfin installation may differ from one deployment to another).
Issue is, the ${base.url} in the source javascript files (jsapi/base.js) is loaded in the injected script as http (not https). Thus the browser blocks the request as it detects mixed content.
Is there a way to configure the ${base.url} in the Javascript source files? How to make it use https instead of http?
Regards
Dragos
I have an issue with embedded reports using JsAPI. Our Yellowfin installation is hosted on Tomcat, while our own application embedding Yellowfin reports is hosted on a different web server. They are both exposing a http connector (not https).
These are fronted by a proxy server that handles ssl and proxies all the requests.
The request to our app page that embeds a report is made over https; at that time, the Yellowfin JsAPI is uploaded and injected (at runtime, as the location of the Yellowfin installation may differ from one deployment to another).
Issue is, the ${base.url} in the source javascript files (jsapi/base.js) is loaded in the injected script as http (not https). Thus the browser blocks the request as it detects mixed content.
Is there a way to configure the ${base.url} in the Javascript source files? How to make it use https instead of http?
Regards
Dragos
After additional investigation:
We believe the ${base.url} is populated at runtime with the request url, so that would be http (not https), since the Tomcat server only exposes the http protocol.
However, when injecting the JsAPI:
- if not logged in already, a call to logon.i4?loginwebserviceid= is triggered (which fails, since it is being triggered on http, based on the ${base.url} probably)
- if already logged in, there is no additional call to logon.i4, so the JsAPI script is successfully injected, and the embedded reports are successfully generated
Question is - under which conditions is the logon.i4 invoked here?
We do perform a web service login before injecting the JsAPI script, but i suspect that's being handled as originating from a different domain (as it is performed on https), and JsAPI decides it needs to authenticate again (based on some headers/cookies that are not being passed on?).
Regards
Dragos
We believe the ${base.url} is populated at runtime with the request url, so that would be http (not https), since the Tomcat server only exposes the http protocol.
However, when injecting the JsAPI:
- if not logged in already, a call to logon.i4?loginwebserviceid=
- if already logged in, there is no additional call to logon.i4, so the JsAPI script is successfully injected, and the embedded reports are successfully generated
Question is - under which conditions is the logon.i4 invoked here?
We do perform a web service login before injecting the JsAPI script, but i suspect that's being handled as originating from a different domain (as it is performed on https), and JsAPI decides it needs to authenticate again (based on some headers/cookies that are not being passed on?).
Regards
Dragos
Hi Dragos,
sorry for the delay in responding, somehow this post slipped through the cracks! We believe that if you configure the Yellowfin setting called Base Tags to Exclude then that should resolve your issue:
Please let us know how this goes...
regards,
Dave
sorry for the delay in responding, somehow this post slipped through the cracks! We believe that if you configure the Yellowfin setting called Base Tags to Exclude then that should resolve your issue:
Please let us know how this goes...
regards,
Dave