Redirect from HTTPS to HTTP for ajax requests leads to failed profile functions

  • Replies:1
  • OpenNot stickiedUnanswered

Jan 6, 2014 11:26:51 PM via Website

It's currently impossible to change the login password if logged in using SSL. That's because the edit password button on the user profile page triggers an ajax request to "https://www.androidpit.com/en/android/community/userPassword" and receives a 301 redirect to "http://www.androidpit.com/en/android/community/userPassword" (without ssl and without session cookie) and fails (followed by a lightbox with the message "An unexpected error has occured.").
That's also the case for every other edit button and for the ajax request from the user activity component to "https://www.androidpit.com/en/android/community/user-load-activities". The only working button I found (I did not test that much ;)) is the add device button which posts to "https://www.androidpit.com/userDevice/popup".

May 8, 2014 3:51:24 PM via Website

If you need to change your password and are having issues with SSL, just don't use SSL while you change your password. If you have a browser extension, just disable it for a few moments. I've passed this on to IT as well, in case it's something broken on our end.