UMC web-session not secure due to mixed content


Dear reader,

We noticed that our website for UMC (Univention Management Console) wasn’t “secure”, due to mixed content being loaded from (see attachment "

Downloading a file at all is alright-ish (although I would like to know why such a very often used file is not put locally, tracking-bitmap kind of thought?), but making the HTTPS fail due to that is troublesome.

We solved by editing the file


changing line 10692 from http to https:

background: url("$20162001042724$/dijit/themes/umc/images/background-tile.png") repeat, #5a5a5a;

After a reload, the page fully loads as HTTPS. See attachment “UMC_HTTP_demo_background_02.PNG”

Can this please be adjusted in the package? :slight_smile:

Kind regards,



Thanks for your feedback. Indeed this seems to break the security context of a https website. There is nothing against it to always load that content via a secure connection so I opened an issue to fix it in a future erratum.

You can easily change that specific line by replacing the http → https.

…or use sed to do this for you:

root@ucs:/usr/share/univention-management-console-frontend/js/dijit/themes/umc# mv umc.css umc.css.orig; sed 's|url("http://|url("https://|g' <umc.css.orig >umc.css


For future reference, was this the right forum to post in? Or should it have been in the feeds and enhancements board?

Also, for the bravehearts:

sed -i

edits files in place, no need for redirects :slight_smile:





you could send such issues also at or open an issue by yourself at: but the forums are very fine with it too.

Kind Regards,