Web browser security has increasingly placed an emphasis on preventing users from accessing HTTPS sites which include insecure HTTP content, known as mixed content, so that potentially sensitive information is not sent in the clear from an otherwise secure page. This article outlines how to stop this situation from arising on the ESS editor.
This article is intended for EchoSystem customers using mixed content network protocols, where Application Network Settings are configured for “HTTPS for App/HTTP for Content” or “HTTPS for App/HTTP for Content with reverse proxy”.
Users attempting to Edit Media on the ESS (select an Echo from the Echoes tab and click Edit Media) will find the editing window does not open.
This issue is related loading a single webpage with mixed content security protocols (HTTP and HTTPS) using Chrome v.30 and above, Firefox v.23 and above, and Internet Explorer 9 and above.
To resolve this problem the ESS must be configured to use either “ALL HTTPS” or “HTTPS with Reverse Proxy”:
- Login to the ESS and navigate to the System Settings page.
- Under the Application Network Settings section change the protocol to either “ALL HTTPS” or “HTTPS with Reverse Proxy”.
- Note: if you are using "ALL HTTPS with Reverse Proxy", please make sure to update your proxy server and/or iptables/firewall settings appropriately.
- If you are running an external web server, ensure the proper SSL certificates are installed for the web server.
- Restart the ESS service.
Echo360 has run a series of internal tests and the encryption overhead did not significantly impact page load times. If this change cannot be made, then you must communicate to your users that they need to set their browsers to “Allow Mixed Content.”