Data Mastery asked:
Since 2 days, our users get the following warning when trying to login on our service:
English version:
The information you’re about to submit is not secure
Because this site is using a connection that’s not completely secure, your information will be visible to others.
Send anyway Go back
This is the setup in nginx we use and which worked for the last 3 years without any issue. It still works, but on Chrome it produces the warning.
location / {
proxy_pass http://shinyproxy:4000; ### Übernahme der servicenamen aus Docker-compose
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 600s;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Protocol $scheme;
}
location /auth/ {
proxy_pass https://keycloak:8443; ### Übernahme der servicenamen aus Docker-compose
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 600s;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
I found this thread:
https://bugs.chromium.org/p/chromium/issues/detail?id=1158169#c49
This seems to explain it. My knowledge with nginx is only quite basic, but can anyone suggest a workaround here?
My answer:
This warning is new in Chrome 86 and occurs when your web applicaton tries to submit a form via HTTP rather than HTTPS. Check your web application’s HTML form and ensure that it posts to an HTTPS URL, not an HTTP URL.
View the full question and any other answers on Server Fault.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.