https://kolab.org/hub/topic/256/kolab-behind-a-reverse-proxy
Mixed Content: The page at 'https://webmail.xxx.eu/r9V5Cj8YOuTjxU6M/?_task=files&_action=open&_file=Files%2Ftest.txt&_viewer=6&_extwin=1' was loaded over HTTPS, but requested an insecure resource 'http://webmail.xxx.eu/chwala//api/?method=file_get&file=Files%2Ftest.txt&token=irmgba67f3vj522lhlrgdfq3b3&viewer=text'. This request has been blocked; the content must be served over HTTPS.
The Kolab server is located behind an SSL-terminating reverse proxy, so the Kolab server seems to think that the request came over HTTP instead of HTTPS.
There's a fix proposed in the issue. However, the real fix will be more generic, replacing the use of file_utils::script_uri() with something that uses the configured file_api_uri and rcube_utils::resolve_url() (which internally uses rcube_utils::https_check()).
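
The scheme problem discussed in this thread, as an added example that is not part of the original posts and is not Kolab or Roundcube code: a backend behind a TLS-terminating proxy only sees plain HTTP, so it has to take the scheme either from an absolute configured URL or from `X-Forwarded-Proto` sent by a known proxy. The function names, the trusted-proxy list and the sample addresses are assumptions made for illustration.

```php
<?php
// Added illustration; function names and values are hypothetical.

/** True when the client-facing connection was HTTPS. */
function request_is_https(array $server, array $trusted_proxies): bool
{
    // Direct TLS connection to this server.
    if (!empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off') {
        return true;
    }
    // Behind a TLS-terminating proxy: honour X-Forwarded-Proto only when the
    // TCP peer is a known proxy, since any client can send this header.
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (in_array($peer, $trusted_proxies, true)) {
        $proto = strtolower(trim($server['HTTP_X_FORWARDED_PROTO'] ?? ''));
        return $proto === 'https';
    }
    return false;
}

/** Build the API URL from a configured value, not from the script's own view. */
function api_url(string $configured, array $server, array $trusted_proxies): string
{
    // An absolute configured URL wins: nothing is derived from the request.
    if (preg_match('#^https?://#i', $configured)) {
        return rtrim($configured, '/') . '/';
    }
    // Relative path: resolve it against the detected scheme and host.
    // Assumption: the proxy only forwards requests for an expected Host.
    $scheme = request_is_https($server, $trusted_proxies) ? 'https' : 'http';
    $host = $server['HTTP_HOST'] ?? 'localhost';
    return $scheme . '://' . $host . '/' . trim($configured, '/') . '/';
}

// Constructed request as the backend sees it behind the proxy.
$server = [
    'REMOTE_ADDR' => '10.0.0.5',            // constructed proxy address
    'HTTP_HOST' => 'webmail.example.test',  // constructed host name
    'HTTP_X_FORWARDED_PROTO' => 'https',
];

echo api_url('chwala/api', $server, ['10.0.0.5']), "\n";  // peer is a trusted proxy
echo api_url('chwala/api', $server, []), "\n";            // header from untrusted peer ignored
echo api_url('https://webmail.example.test/chwala/api/', $server, []), "\n";
```

The second call shows the failure mode from the console message: without a trusted proxy or an absolute configured URL, the backend falls back to `http://` and the browser blocks the request as mixed content.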