Insecure Content Warning in Browser on an SSL Instance
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Symptoms
When accessing the dashboard on a JIRA instance displaying an activity stream, the browser may display a warning similar to:
This page has insecure content
Mixed content warning
Only secure content is displayed
Cause
The activity stream displays content using the Base URL configured in the JIRA instance. This may cause the browser to flag the page as insecure due to the mixed SSL and non-SSL content. A user can see the mixed URL content when using the developer tools to inspect a page.
In Chrome the dev tools can be accessed by right clicking the page, then >> Inspect element
Resolution
Update the Base URL configuration to use the https url. This setting is is found in
Administration >> System >> General Configuration >> Base URL.For user who are integrated JIRA with Proxy SSL such as Nginx or Apache, please add this variables (proxyName, proxyPort, scheme and secure) in your JIRA
server.xmllike below:1 2 3<!-- OPTIONAL Proxy Connector with https --> <Connector port="8080" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true" proxyName="www.atlassian.com" proxyPort="443" scheme="https" secure="true"/>
Was this helpful?