Symptoms:
Displaying "The server method 'GlobalNavigation_RetrieveWorkspaces' failed" error message on certain pages:
The error is browser-independent (Google Chrome, Mozilla Firefox, and Apple Safari all support this header), also it is not related to what role/permission user belongs to in Spira.
Background:
There are three main reasons why using the Upgrade-Insecure-Requests header helps mitigate various security risks associated with insecure HTTP connections:
1. Protecting user data
2. Preventing man-in-the-middle attacks
3. Enhancing website trustworthiness
The HTTP upgrade-insecure-requests Content Security Policy header is used to tell browsers to request things using HTTPS rather than HTTP.
Since HTTPS is more secure than HTTP, so changing a request from HTTP to a request using HTTPS is the “upgrade” procedure, so even if the webpage itself is using “http” to make that request, using upgrade-insecure-requests will override that and the browser will call the resource using https.
As a result you'll see the GlobalNavigation_RetrieveWorkspaces error message due to not all the responses are coming back via HTTPS.
Mostly, this kind of issue can be seen in Local networks with reverse proxy implemented.
Solution:
The fix for this issue is to allow upgrade-insecure-requests by setting the parameter to 1:
- Open Internet Information Services (IIS) Manager.
- Select the website you want to configure.
- Double-click on the “HTTP Response Headers” feature.
- Click on “Add” in the Actions pane.
- Enter “Upgrade-Insecure-Requests” as the name and “1” as the value.
- Click “OK” to save the changes.
Once implemented, the Upgrade-Insecure-Requests header will be sent with every HTTP response from the server, instructing the browser to upgrade the requests to HTTPS.