Mixed Content Problem with Avatars in Chat


  • Used Zammad version: 3.3.x
  • Used Zammad installation source: as per the Installation Instructions for Ubuntu 18.04
  • Operating system: Ubuntu 18.04
  • Browser + version: Chrome 81.0.4044.92 (Win 10)

Expected behavior:

  • Embed the Avatar via https

Actual behavior:

  • the avatar is embedded via http creating a mixed content problem on my https server

In order to work properly and not produce CSRF errors my zammad has to be configured to Http Type = http, as nginx is providing https (via letsencrypt). Setting the http Type to http in System Settings leads to the chat widget embedding the Avatar as http:// even if the Server actually delivering the jpg is forcing https.

Any chance the Avatar embed can be embedded via a Protocol relative URL?


Sorry but I’m confused.
Why did you configure the http-type in Zammad to http if your nginx is actually providing https to your users?

Technically while you can use several FQDNs, only one is directly supported. If you have to mix between several FQDNs ensure to always use the one that’s reachable from the outside (or from everyone). So in general decide for one protocoll: http or https.

Shipping relative URLs is not possible in this context.
We’re building a lot of URLs from the system configuration.

I had to switch to http because zammad was causing CSRF Errors for the password reset Function for me.

I’m using one FQDN, the chat is embedded on another webserver, it is embedded via https and the chat widget is trying to load http content, that can’t be intended?

Disregard evertything I just wrote including the original issue… it was a nginx conf issue… :slight_smile:

Oh I see! Glad you could solve it in a hopefully good way for you! :slight_smile:

1 Like

This topic was automatically closed after 3 days. New replies are no longer allowed.