When viewing the dashboard, your browser reports the connection is not secure due to mixed content
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Problem
When viewing the dashboard over SSL, your browser may report that your connection is insecure due to mixed content.
This error message may occur when:
Loading the dashboard
Attempting to add a gadget to the dashboard
Diagnosis
Environment
You use a secure connection to connect to JIRA. The SSL can be terminated at a reverse proxy or load balancer, or it can be directly terminated at Tomcat.
Diagnostic Steps
Generate a HAR file (see Generating HAR files and analyzing web requests) and look for any requests being made to HTTP-based addresses.
If you find any addresses that start with http://, you might be affected by this scenario.
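One way to carry out this diagnostic step on an exported HAR file, as an added example that is not part of the original article: the script lists every request made to an http:// address, grouped by the host that served it. The function names and the sample capture (with placeholder hostnames) are assumptions constructed for illustration.

```python
import json
import sys
from collections import defaultdict
from urllib.parse import urlsplit


def header(headers, name):
    """Return the first header value matching name (case-insensitive), or ''."""
    return next((h.get("value", "") for h in headers
                 if h.get("name", "").lower() == name.lower()), "")


def find_insecure_requests(har):
    """Group plain-HTTP requests in a HAR capture by the host that served them."""
    by_host = defaultdict(list)
    for entry in har.get("log", {}).get("entries", []):
        request = entry.get("request", {})
        response = entry.get("response", {})
        parts = urlsplit(request.get("url", ""))
        if parts.scheme.lower() != "http":
            continue  # https:, data:, blob: and similar are not plain HTTP
        by_host[parts.hostname].append({
            "url": request["url"],
            "referer": header(request.get("headers", []), "Referer"),
            "status": response.get("status", 0),  # 0 when no response was recorded
            "mime": response.get("content", {}).get("mimeType", ""),
        })
    return dict(by_host)


# Constructed sample capture; all hostnames are placeholders.
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"url": "https://jira.example.com/secure/Dashboard.jspa", "headers": []},
     "response": {"status": 200, "content": {"mimeType": "text/html"}}},
    {"request": {"url": "http://static.example.org/images/logo.png",
                 "headers": [{"name": "Referer", "value": "https://jira.example.com/"}]},
     "response": {"status": 0, "content": {"mimeType": ""}}},
    {"request": {"url": "HTTP://gadgets.example.net/feed.xml", "headers": []},
     "response": {"status": 200, "content": {"mimeType": "application/xml"}}},
]}}


if __name__ == "__main__":
    har = SAMPLE_HAR
    if len(sys.argv) > 1:  # optional: path to a real .har export
        with open(sys.argv[1], encoding="utf-8-sig") as fh:
            har = json.load(fh)
    for host, hits in find_insecure_requests(har).items():
        for hit in hits:
            print(f"{host}\t{hit['status']}\t{hit['url']}\t(referer: {hit['referer'] or '-'})")
```

The hosts it reports point to the gadget or add-on that is serving the insecure content.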
Cause
Content that is served from an HTTP address is not secure. When non-secure content is included in a page that is secure, the browser will warn you as that content may have been compromised by an attacker. For example, the Confluence Page Gadget has an old image from the Atlassian website that is served over HTTP. If the Confluence page gadget is present on the page, it can cause this mixed content message.
Other gadgets provided by third parties may also provide insecure content.
Solution
Resolution
In the case of the Confluence Page Gadget, you can disable it from Confluence to prevent it being shown in JIRA:
Log into Confluence as an Administrator
Click Manage Addons
Choose All from the drop-down, and Search for Gadgets Plugin
Expand that plugin, and then click the link for the modules. It should show something like "x of y modules enabled"
Find the Confluence News Gadget and disable that plugin
For third party subscriptions to gadgets, you can use the following steps to remove the subscription:
Visit <jira-url>/plugins/servlet/gadgets/admin
Click the Subscriptions tab
Click Remove subscription next to the URL of the gadget you'd like to remove
For third party add-ons, you should either disable the add-on that provides the gadget or, if you cannot disable it, contact the vendor for support.