Impersonate user error in https | Community
AlleOTC
Level 2
March 10, 2025
Question

We access the author instance through a VIP URL in https.
The load balancer then passes the request in http to the dispatcher on port 4502, and the dispatcher forwards the request to the author.
Login and other functionalities work fine. But when we try to impersonate another user, we get an error. See screenshot.

The user is valid, the error shown is misleading.

On console in Chrome we have this error message:
granite.js:272 Mixed Content: The page at 'https://mysite.mydomain.com/sites.html/content/mysite' was loaded over HTTPS, but requested an insecure XMLHttpRequest
endpoint 'http://mysite.mydomain.com/home/users/d/USERIDCVFBGDNKLO.impersonate.json?_charset_=utf-8&impersonate=NAME&path=%2Fsites.html%2Fcontent%2Fmysite'.
This request has been blocked; the content must be served over HTTPS.
XMLHttpRequest.send @ granite.js:272
send @ jquery.js:10259
ajax @ jquery.js:9743
(anonymous) @ foundation.js:20026
dispatch @ jquery.js:5232
elemData.handle @ jquery.js:4884
If I do the same thing in http from http://mysite.mydomain.com/sites.html/content/mysite I have no errors and I can impersonate that user and others too.
I think that the browser here is blocking the redirect. The problem is that the response, which has status code 302, has the Location URL in http instead of https in its response header.
I think that maybe this is because the author receives the request in http on port 4502, so a solution could be to configure https on author.
But this would also mean changing the load balancer configuration and the firewall configuration. I would not like to incur the risk that some consoles or functionalities stop working after the https configuration.
Is there a way to force the Location header to https with the dispatcher or the load balancer?
Which solution is best?

Regards.


Level 2
March 11, 2025

Hi @alleotc,

I faced the same issue, and it happens because AEM Author runs on HTTP (port 4502), so redirects include http://, which the browser blocks as mixed content. A quick fix is to force HTTPS in the Dispatcher by adding this rule in the vhost file:

Header edit Location ^http://mysite.mydomain.com/(.*)$ https://mysite.mydomain.com/$1

For a more secure, long-term fix, enabling HTTPS on AEM Author and updating the Load Balancer to forward HTTPS is the best approach.

Thanks!
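
Added example, not part of the reply above and not Adobe or Apache code: a Python emulation of the `Header edit Location` rule from the reply, run over constructed Location values to show which redirects it fixes and which would still reach an HTTPS page as `http://`. It assumes Python's `re` matches this pattern the same way Apache does; the sample values and function names are made up for illustration.

```python
import re
from urllib.parse import urlsplit

# Pattern and replacement copied from the Header edit rule in the reply
# (Apache writes the back-reference as $1, Python as \1).
RULE = re.compile(r"^http://mysite.mydomain.com/(.*)$")
REPLACEMENT = r"https://mysite.mydomain.com/\1"


def rewrite_location(value: str) -> str:
    """Return the Location value after the rule; unchanged if it does not match."""
    return RULE.sub(REPLACEMENT, value, count=1)


def classify(value: str) -> str:
    """Describe what a browser on an HTTPS page receives once the rule has run."""
    rewritten = rewrite_location(value)
    scheme = urlsplit(rewritten).scheme.lower()
    if scheme == "":
        return "relative"        # resolved against the HTTPS page, not blocked
    if scheme == "https":
        return "rewritten" if rewritten != value else "already-https"
    return "still-insecure"      # absolute http:// URL, blocked as mixed content


# Constructed sample Location values, not captured from a real AEM instance.
SAMPLES = [
    "http://mysite.mydomain.com/sites.html/content/mysite",
    "https://mysite.mydomain.com/sites.html/content/mysite",
    "/sites.html/content/mysite",
    "http://mysite.mydomain.com:4502/sites.html/content/mysite",  # explicit port
    "HTTP://mysite.mydomain.com/sites.html/content/mysite",       # upper-case scheme
]


def audit(values):
    """Map each Location value to its classification after the rewrite."""
    return {value: classify(value) for value in values}


if __name__ == "__main__":
    for value, status in audit(SAMPLES).items():
        print(f"{status:15} {value} -> {rewrite_location(value)}")
```

The last two samples stay `http://` because the pattern is anchored to the exact scheme, host and following slash, so a Location carrying a port or different casing needs its own rule or the HTTPS-on-author fix.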

AlleOTC (Author)
Level 2
March 11, 2025

Hi @megha_kumari,

thanks for your reply.

We will evaluate both solutions.

I will reply again when we implement a solution, but it will take time since we have a workaround and we have other priorities at the moment.

Best regards.

kautuk_sahni
Community Manager
April 11, 2025

@alleotc Did you find the suggestion helpful? Please let us know if you need more information. If a response worked, kindly mark it as correct for posterity; alternatively, if you found a solution yourself, we’d appreciate it if you could share it with the community. Thank you!

Kautuk Sahni