Mixed-Origin Errors in GitHub Pull Request Decoration

Must-share information (formatted with Markdown):

  • SonarQube Developer Edition v7.9.1 (build 27448)
  • Pull Request Decoration on GitHub Enterprise

Although I have set the sonar.core.serverBaseURL to HTTPS, SonarQube still serves the PR Decoration static files (e.g. at /static/developer-server/checks/QualityGateBadge/failed.svg) in HTTP causing mixed-origin errors.

Both SonarQube and GitHub have SSL enabled - SonarQube is hosted behind an NGINX reverse proxy with SSL.

Is there a way to force SonarQube to write the JSON request that it posts to GitHub with HTTPS links for the static content (since the actual anchor links are in HTTPS)?


Welcome to the community!

This ticket was fixed in 8.0. Does it seem relevant?

SONAR-12329 - Missing icons in GitHub Enterprise PR decoration


Hi Ann,

I solved it by restarting the server after changing the serverBaseURL to HTTPS as mentioned in the workaround for https://jira.sonarsource.com/browse/SONAR-12329.


1 Like