AJAX Blocked from chrome extension content_script

Question

i'm writing a chrome extension that use a content_script. the content script use XMLHttpRequest to send information about the page to my server, and base on that information the server respond with somethings that has to be done.

everything works well on http pages, but fail on http*s*.

The error i get is: [blocked] The page at '==https page==' was loaded over HTTPS, but ran insecure content from '===myserver - http===': this content should also be loaded over HTTPS.

If i will use https on my server will it work? even though it's a different domain? is there any way to do it without using ssl on my server?

Thanks.

Answer 1

Yes, you can only call https content from an https page. See these for help on mixed content issue :

• https://support.google.com/chrome/answer/1342714?hl=en
• http://kb.iu.edu/data/bdny.html

You can test your extension with mixed content by enabling it explicitly as instructed at:

• http://wiki.sln.suny.edu/display/SLNKB/Enabling+mixed+content+in+Google+Chrome

If you enable SSL/https on your web-server this will solve the issue for your users also. A cheaper and easier way to enable SSL on your server almost instantly would be to use Cloudflare.