跳至内容
此问题已终结
2 回复
1647 查看
形象
David Soden

My setup

  • Docker
    • I have tried the local windows installer - same core issue with Mixed Content
  • 2 different proxy have been tried with the same Mixed Content issue.
    • Cloudflare
      • Install the agent
      • configure the agent in the web configurator to http:localhost:8069
    • Nginx Proxy Manager
  • odoo.conf
    • add these entries and restart the odoo web container to apply settings
      • proxy_mode = True
      • list_db = False
  • In the database for table public.ir_config_parameter (or in the web UI settings enable dev mode > Technical > System Parameters)

When I then log into the web UI app.omnistreamerp.com and in APPS and when I activate "Website" all is good till I pick a theme/template - the page NEVER LOADS - the console shows mixed content. In another browser if I just hit app.omnistreamerp.com and do not log in (view it as a public user) the site loads perfectly FINE.


MIXED CONTENT only shows when picking a template/theme on initial setup AND/OR when one tries to edit the website then BAM you get MIXED CONTENT errors and chrome BLOCKS the site. This is NOT a proxy error this seams to be an Odoo application error with the community edition specifically. 


seams to me the proxy_mode = True setting is NOT doing its job.


if I hit view-source:https://app.omnistreamerp.com/ directly like this I can see the HTTP references - oddly this is ONLY a problem when you're either setting this up or you're trying to edit the site while being logged in - normal nonauthenticated browsing does not trigger this MIXED CONTENT problem - this IMO/IME does not seem like a proxy issue at all - given this behavior. Obviously you can add an exception to Chrome  / Edge to allow mixed content from app.omnistreamerp.com but that is not an acceptable workaround given this is an ERP system and it needs to be secure and work securely.


Setting the website domain in Configuration > Websites > selecting "My Website" has NO impact and the error also remains the same unchanged behavior. The only way to get this to work is allowing mixed content for this specific domain app.omnistreamerp.com in Chrome or Edge


形象
丢弃
David Soden
编写者

This post I made above. No responses yet. I find it hard to believe I am the only one experiencing this. Can someone confirm if this is normal behavior or if a bug... and/or how your configuration is where this is not happening?

VENBA INFORMATION TECHNOLOGY PRIVATE LIMITED

Am facing exactly similar issue with my CE18. Any solutions would be appreciated.

形象
Sean Craig
最佳答案

Hello. Try setting your SSL certificate to Full or Full Strict. This is typically done in your DNS host platform. 

形象
丢弃
形象
David Soden
编写者 最佳答案

I finally heard from Odoo support where this had to be escalated to the supervisor level. The answer is both shocking and very disappointing with the key take away of use the CE version at your own risk because it is INSECURE. If you want security shell out the $300.00 as the problem does not exist there.

I asked my leader. He told me the reason for this situation is that the web editor function of Odoo needs to access the website using the HTTP protocol and create an iframe. However, when SSL/TLS encryption is enabled (such as using nginx), the server will block the insecure HTTP protocol, resulting in an error. You can try accessing it directly via IP using the HTTP protocol. Alternatively, you can add two parameters in the system settings of Odoo: web.base.url=your domain, and web.base.url.freeze=true. I hope this information is helpful to you. Also, don't forget to include proxy_mode and workers in the odoo.conf file.I hope it's useful for you. 

This is crazy. Just use http and basically ignore the fact it's insecure. 🤦‍♂️

形象
丢弃
Zhao Yipeng

Hi,David.I am not an Odoo support personnel, I am just a user of Odoo. I am trying to set up my company's Odoo service, and my leader also found a solution through trial and error. I posted a help request in the Odoo community before, so when my issue is resolved, I want to share my solution with you. My English is not very good, so I wonder if there has been a misunderstanding?

David Soden
编写者

Hi Zhao,

The email that came in looked like the support emails I get, so... I thought you were finally answering my question as Odoo Support. I did not see the differentiation till your call out. Well, anyway, seems this is... not something that folks should use in a production scenario. Pay the $300. The CE is insecure.

apologies for the confusion