Menu Close
    Hire Us Request Quote Reading List Switch to Dark Mode

    FIX: Mixed Content Errors while serving ODOO POSBOX over HTTPS

    In this article, we`ll check different approaches to fix the mixed content errors we received in ODOO, served over HTTPS, while connecting with POSBOX. But before starting we need to know some basic terms related to it, lets begin:

    What is HTTPS ? What are the benefits of using HTTPS over HTTP ?

    When we visit a web page using HTTP protocol, your connection to the website is not secured. Hackers can easily do eavesdropping here, and can stole your data which webpage and your server communicates.

    That’s why we have HTTPS protocol, The ‘S’ at the end of HTTPS stands for ‘Secure‘. It means all communications between your browser and the website are encrypted. This keeps your information safe from hackers. HTTPS is extremely important if we are using any payment gateways or other password related things in your websites.

    What is “mixed content”?

    Mixed content error occurs when we try to access a web page which is on HTTPs but the web page’s source code is also pulling some other resources with the insecure HTTP protocol. In this scenario, browsers display a warning/error message saying that the page has both HTTPS and HTTP content, i.e MIXED CONTENT.

    Odoo POSBOX blocked by “Mixed Content” Security Policy

    After migrating ODOO from http to https, posbox stopped working we have this mixed content problem which prevents loading http resources from a page served in https. In other words if your point of sale is served over https, browser will block the http connection to the posbox. Error message which we are receiving in browser is something like :

    Mixed Content: The page at https://192.168.1.78/pos/web/#action=pos.ui‘ was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint http://192.168.1.93:8069/hw_proxy/hello‘. This request has been blocked; the content must be served over HTTPS. send @ web.assets_common.js:954


    There are several approaches to fix this issue, which i `ll explain in this article:

    Approach 1: Deactivate mixed content security in your browser. [ Works only with Firefox, No workaround found for Chrome/Safari till date ]

    To disable mixed content warnings in Firefox open Firefox, enter about:config into address bar and hit Enter. Using the search box, search for a setting called security.mixed_content.block_active_content. Once you have found it, set it to false.
    Unfortunately we can`t disable this security in case of Chrome or Safari, we have to use some other approaches in order to fix this issue.

    Approach 2: Serve the point of sale over http. [ Have to compromise with loading some of ODOO data in plain HTTP ]

    We can serve our point of sale in plain HTTP, and rest of our ODOO as HTTPS by configuring nginx to only serve the point of sale route /pos/web in HTTP.

    Check sample nginx configuration file having this setup, LINK

    Approach 3: Migrate POSBOX as well, in HTTPS. [ Best Approach Found till date ]

    Install & configure nginx in posbox also, and append https:// with the IP address while configuring in your Point of Sale.

    I have created a image having nginx properly installed and configured in it, if someone looking for the same, can use it. what you need to do is :

    • Download Image [NEW]ODOO-POSBOX-HTTPS.zip
    • Extract it, and burn it in the memory card, same way as you did for original posbox image.
    • Run your posbox, if you hit your posbox ip address in browser as : https://<posbox-ip-address> , you`ll see your POSBOX default homepage.
    • Put this https://<posbox-ip-address>, in your Point-Of-Sale configuration as: 
      That`s it…

    Thanks for reading this blog !!! I hope it will help someone.

    Your opinions, comments and suggestions are important to keep this extension updated and more usefull !!!

    . . .

    Comments (34)

    Add Your Comment

  • Simon Gottberg
    Hi, does this work with Odoo 12? If not then do you plan to make a image with IoT Box with Nginx?
    • Manish Bisht
      Hi,

      The image uses the latest version available from Odoo. So, it should work with Odoo 12.
      Try once!!

      Thanks,

  • Andreas Hochuli
    Hi,
    In order to establish a connection to the POSBox via https, I first have to open the default page of the box via https in the browser I intend to run Odoo POS and accept, that I want to access this address even without a valid SSL certificate. As far as I know, accepting this exception gets reset from time to time by the browser. Is there a possibility to make this permanent? I don’t thnik that it is possible to somehow get a valid certificate for a local IP address.
    Thanks
    • Manish Bisht
      Hi,

      Yes, the script is setup to generate new certs on every boot. The exception should be accepted by browsing the default page once before use.
      It’s not possible to get valid certs for a local IP.

      Thanks,

  • Mike
    the Image file provided in solution 2, will not get an IP address, it is set to 192.168.1.199. where can we get the newest version?
    also when will the letsencrypt version be available?
    • Manish Bisht
      Hi,
      Please try newer image uploaded. Earlier, the update wasn’t published on blog properly.

      Letsencrypt doesn’t offer certs on IPs(local or Public).
      You would be able to use Letsencrypt certs only if you map a public domain to it.

      Thanks,

  • Shirly asprilla ramirez
    Hola,
    tienen idea si alguna de estas soluciones se ha implementado en la nueva versión del posbox (IOT Box) y ha funcionado?
    Gracias.
    • Manish Bisht
      The attached image is of v17. You can download & burn it normally.

      As the private IP can be different for everybody, the image has been provisioned to read the local IP on every boot & generate self-signed certs for itself. You would then be able to access it over 443(https/SSL).

      So you would need to map a static IP to your POS & accept the SSL certs in order to use it over SSL.

  • Juan
    Hi,

    Thank you for writing about the different alternatives to solve this issue.

    I just tried your new.img by flashing it as the posboxv15.img, however the “new” box does not create a wireless access point. Instead the Posbox Status printed shows two IP adresses 127.0.0.1 and 192.168.1.199.

    Then, I connected directly through the ethernet interface to my laptop and I can reach the configuration page through http://192.168.1.199:8069 (not https). I see that I have v17, however, when I go to the WiFi configuration page, there is no neighbouring SSID offered, although the box with the standard image v15 sees, besides mine, all of the multiple neighbouring routers in the vicinity.

    Is this an expected behaviour? Am I missing some step in the setup of this special image?

    Thanks in advance,

    Juan.

    • Manish Bisht
      Hi,

      You may try our new image. This time it reads the local IP received via DHCP protocol. Browse the IP over https(without 8069).

      If you plug in the ethernet cable, all Wi-Fi related functionalities will be disabled as a wired network connection is available.

      Thanks,

      • Juan José Trujillo
        Thank you Manish for your answer,

        Indeed what I explained earlier has been experienced with new.img (v17?) and unfortunately there seems to be something wrong with the IP taken by the PosBox (RP3). My systems take an address in 192.168.0.xxx from the router, however the PosBox takes (apparently) the address 192.168.1.199.

        The address of the posbox is always the same, independently of turning it on w/o connecting it via cable to the router. When I check my router, then the system is connected, however no IP has been provided to the system. There must be an issue with the DHCP in this image.

        • Manish Bisht
          Hi,

          Please try newer image uploaded. Earlier, the update wasn’t published on blog properly.

          Thanks,

  • Back to Top
    css.php
    Hire Us!
    Brief us about your requirements and we'll get back to you.
    Woo! Hooy!
    We have just recieved your project brief and our expert will contact you shortly.
    Send Again
    Close