Mixed Content Warning on Basic Authentication Page (HTTP instead of HTTPS) #5009
Description
Hello,
A "Mixed Content" warning is experienced (indicated by a gray globe/info icon instead of a green padlock) on the built-in Nginx Proxy Manager Basic Authentication (Password Protection) page when accessing a host over HTTPS (port 443).
The SSL certificate is valid. The backend application works fine with HTTPS after logging in. The issue is specific to the NPM's custom login prompt page itself.
It seems the built-in authentication template is loading an asset (like an image or CSS file) using an absolute http:// URL instead of https:// or a relative URL.
To Reproduce:
- Set up a host in NPM with SSL enabled and "Access Lists" or "Basic Authentication" applied.
- Navigate to the host URL via HTTPS (pl. https://testpage.ddns.net).
- The browser displays the password prompt, but flags the connection as insecure due to mixed content.
Expected behavior:
The Basic Authentication prompt page should load all assets over HTTPS to display a secure green padlock icon.
Thank you for your help.