Have set tomcat to serve SSL on :8443 and disabled 8080. All working fine except that calls to cde-embed.js returns javascript with urls for files that all start with HTTP instead of HTTPS and therefore flag unsafe script blocks.

The fully qualified url and context path are also incorrect.

I have set server.properties to: fully-qualified-server-url=https://pentaho.motiv.io:8443/pentaho/
Running 7.0 community edition.

Works fine if I replace cde-embed.js calls with my own local script with corrected content. Except there are some details included that look dynamic - i'm not sure if this will be a problem in the future?