1
votes

I am running a Django RF backend application on Gunicorn. When trying to fetch data from Swagger I get "TypeError: Failed to fetch". In the console this error is reported:

Mixed Content: The page at 'https://****.com/swagger/' was loaded over HTTPS, but requested an insecure resource 'http://****.com/v2/products/'. This request has been blocked; the content must be served over HTTPS.

I tried everything I found and could think of, including adding

secure_scheme_headers = {
    'X-FORWARDED-PROTOCOL': 'ssl',
    'X-FORWARDED-PROTO': 'https',
    'X-FORWARDED-SSL': 'on'}

to Gunicorn

and

USE_X_FORWARDED_HOST = True
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')

to Django settings.

But nothing helps.

Swagger for Django: drf-yasg==1.12.1

1 Answer

1
votes

I found the solution. In Django settings add

SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True

# Security Headers
SECURE_CONTENT_TYPE_NOSNIFF = True
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
SECURE_HSTS_PRELOAD = True
SECURE_HSTS_SECONDS = 3600
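
Why the scheme setting matters for the mixed-content error, as an added example that is not part of the original answer: a simplified stdlib model (not Django's or drf-yasg's own code) of how the scheme for absolute URLs is chosen when TLS ends at a proxy and the hop to Gunicorn is plain HTTP. The host `api.example.com`, the function names and the sample environs are assumptions made for illustration.

```python
# Simplified model of scheme detection behind a TLS-terminating proxy.
# Added example; it mirrors documented Django behaviour but is not Django's code.

SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")  # value from the answer


def effective_scheme(environ, proxy_header=SECURE_PROXY_SSL_HEADER):
    """Return the scheme the application believes the client used."""
    if proxy_header:
        name, secure_value = proxy_header
        value = environ.get(name)
        if value is not None:
            # Recent Django releases use the first value of a comma-separated list.
            first = value.split(",", 1)[0].strip()
            return "https" if first == secure_value else "http"
    # Header absent or setting unset: only the proxy -> app hop is visible.
    return environ.get("wsgi.url_scheme", "http")


def absolute_url(environ, path, proxy_header=SECURE_PROXY_SSL_HEADER):
    """Build the URL a schema generator would advertise for `path`."""
    return f"{effective_scheme(environ, proxy_header)}://{environ['HTTP_HOST']}{path}"


def diagnose(environ, proxy_header=SECURE_PROXY_SSL_HEADER):
    """Explain why an HTTPS page would be handed http:// API URLs."""
    if effective_scheme(environ, proxy_header) == "https":
        return "ok"
    if not proxy_header:
        return "SECURE_PROXY_SSL_HEADER is not set"
    if proxy_header[0] not in environ:
        return "proxy did not forward " + proxy_header[0]
    return "proxy forwarded a non-secure value"


# Constructed WSGI environs for the plain-HTTP hop between proxy and Gunicorn.
BASE = {"wsgi.url_scheme": "http", "HTTP_HOST": "api.example.com"}
FORWARDED = {**BASE, "HTTP_X_FORWARDED_PROTO": "https"}
NOT_FORWARDED = dict(BASE)

if __name__ == "__main__":
    for label, env in (("forwarded", FORWARDED), ("not forwarded", NOT_FORWARDED)):
        print(label, absolute_url(env, "/v2/products/"), diagnose(env))
```

Once `SECURE_PROXY_SSL_HEADER` is set, the application trusts that header, so the proxy has to set or overwrite `X-Forwarded-Proto` on every request rather than pass through whatever the client sent.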