Cannot Reproduce
Details
Assignee: Bing Wu
Reporter: Sebastian Leupold
Severity: Major
Triage: New
Includes Code Fix: No
Documentation Required: No
Components:
Sprint: None
Fix versions:
Affects versions:
Priority: High
Created January 23, 2014 at 7:55 AM
Updated August 28, 2015 at 10:36 PM
Resolved August 26, 2015 at 2:12 PM
There seems to be an issue in UrlUtils.cs, according to
http://www.dnnsoftware.com/forums/forumid/198/threadid/495676/scope/posts, please see Forum post for details.
This function here:
https://github.com/dnnsoftware/Dnn.Platform/blob/012dcf82ea23ebfa2f8484f369b0d15f3c5f7590/DNN%20Platform/Library/Common/Utilities/UrlUtils.cs#L220
It does not honor the SSL offloading header. It should check for this instead of just returning the link in the same url as it's delivered.
Steps to reproduce:
Set up your site with SSL offloading. Links to Edit Content (any popup) will open in http://. This is fine, except if you're serving SSL content it violates the same origin policy (iframe on same domain is blocked if the protocol is different.) This results in a blank popup.
[blocked] The page at 'https://www.harboria.com/' was loaded over HTTPS, but ran insecure content from 'http://www.harboria.com/home/ctl/edit...': this content should also be loaded over HTTPS.
An example of the proper way to do this is in the DNN source code here:
https://github.com/dnnsoftware/Dnn.Platform/blob/012dcf82ea23ebfa2f8484f369b0d15f3c5f7590/DNN%20Platform/Modules/Journal/Components/JournalParser.cs#L55
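
A sketch of the check the report asks for, added here as an illustration and not taken from DNN's source: decide from a configured offload header whether the client-facing connection is HTTPS, then make the popup link use the same scheme as the page. The class, method and header names are hypothetical, and the sample request is constructed.

```csharp
using System;
using System.Collections.Generic;

// Added illustration; the names below are hypothetical and are not DNN APIs.
public static class OffloadAwareUrls
{
    // True when the client-facing connection is HTTPS: either TLS terminates on
    // this server, or the offloader in front of it has set the configured header.
    public static bool IsClientSecure(bool isSecureConnection,
                                      IDictionary<string, string> headers,
                                      string offloadHeaderName)
    {
        if (isSecureConnection) return true;
        if (string.IsNullOrWhiteSpace(offloadHeaderName)) return false; // offloading not configured
        // Assumption: the offloader sets this header only on HTTPS traffic and strips
        // any client-supplied copy. A header such as X-Forwarded-Proto would need its
        // value compared instead of a presence check.
        return headers.TryGetValue(offloadHeaderName, out var value)
               && !string.IsNullOrEmpty(value);
    }

    // Rewrites an absolute http:// link to https:// when the page itself reached the
    // client over HTTPS, so a popup iframe shares the parent page's origin.
    public static string MatchPageScheme(string url, bool clientSecure)
    {
        if (!clientSecure) return url;
        if (!Uri.TryCreate(url, UriKind.Absolute, out var uri)) return url; // relative link
        if (uri.Scheme != Uri.UriSchemeHttp) return url;                    // already https, or not a web URL
        var builder = new UriBuilder(uri)
        {
            Scheme = Uri.UriSchemeHttps,
            Port = uri.IsDefaultPort ? -1 : uri.Port // drop :80 so https falls back to its default port
        };
        return builder.Uri.AbsoluteUri;
    }

    public static void Main()
    {
        // Constructed sample request: plain HTTP hop behind an SSL offloader.
        var headers = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            ["X-Example-SSL-Offload"] = "on"
        };
        const string popup = "http://www.example.com/home/ctl/edit/mid/1?popUp=true";
        bool secure = IsClientSecure(false, headers, "X-Example-SSL-Offload");
        Console.WriteLine(MatchPageScheme(popup, secure));                             // https link
        Console.WriteLine(MatchPageScheme(popup, IsClientSecure(false, headers, ""))); // unchanged
    }
}
```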