Certificate challenge
Users who have certificates in their browsers will receive a certificate challenge when they go to anything under /api/
. The certificate should not be required, but it's pretty annoying and most users won't know to just hit cancel (if they try to submit an invalid certificate, they will not be allowed access).
This is also happening on the main web view pages because the javascript makes calls to the API to get some information.