I have been trying to migrate my site from divshot to firebase, since firebase has taken over divshot and shut it down. Mine is a simple read only site that does not need https. It also contains links to external sites which do not support https. The site worked perfectly on divshot but it looks like firebase forces all sites to use https. Unfortunately, this causes the external sites that my site references to fail loading. The error being: <blockquote> Mixed Content: The page at 'https://mysite.firebaseapp.com/' was loaded over HTTPS, but requested an insecure resource 'http://www.externalsite.com/'. This request has been blocked; the content must be served over HTTPS. </blockquote> I tried to remove the http: so the external site is just //www.externalsite.com/, but this causes certificate errors. I can't change it to https since this external site doesn't support it. Is there any way around this problem?

The short answer is no. This is completely by design. It's a security flaw to allow http on a https site. Therefore it's blocked. However, <ul> <li> Solution 1: Find a https version of resource This might not be possible in your case.</li> <li> Solution 2: convert resource to https It might be possible to host the file or resource yourself with https. This may require you to copy a file or something, which I say carefully, don't pirate stuff that you shouldn't.</li> <li> Solution 3: Redirect This one is probably the most involved solution to do but if you are trying to access some service then you could make your own service to redirect it. You are on firebase which means you could probably hack together some cloud function to make a http request (How to make an HTTP request in Cloud Functions for Firebase?) </li> <li> Solution 4: Don't use Firebase Don't want to do any of the above and you can't live with out the http call? You might just dump firebase and move to some other hosting service. </li> </ul> Hope you find this helpful it might not be the answer your looking for but it might point you in the right direction.

Can sites on Firebase hosting include non-https resources?

Tags:

firebase

web

firebase-hosting

I have been trying to migrate my site from divshot to firebase, since firebase has taken over divshot and shut it down.

Mine is a simple read only site that does not need https. It also contains links to external sites which do not support https. The site worked perfectly on divshot but it looks like firebase forces all sites to use https. Unfortunately, this causes the external sites that my site references to fail loading. The error being:

Mixed Content: The page at 'https://mysite.firebaseapp.com/' was loaded over HTTPS, but requested an insecure resource 'http://www.externalsite.com/'. This request has been blocked; the content must be served over HTTPS.

I tried to remove the http: so the external site is just //www.externalsite.com/, but this causes certificate errors. I can't change it to https since this external site doesn't support it.

Is there any way around this problem?

461

asked Dec 30 '15 05:12

Bob Hogan

1 Answers

The short answer is no. This is completely by design. It's a security flaw to allow http on a https site. Therefore it's blocked.

However,

Solution 1: Find a https version of resource This might not be possible in your case.
Solution 2: convert resource to https It might be possible to host the file or resource yourself with https. This may require you to copy a file or something, which I say carefully, don't pirate stuff that you shouldn't.
Solution 3: Redirect This one is probably the most involved solution to do but if you are trying to access some service then you could make your own service to redirect it. You are on firebase which means you could probably hack together some cloud function to make a http request (How to make an HTTP request in Cloud Functions for Firebase?)
Solution 4: Don't use Firebase Don't want to do any of the above and you can't live with out the http call? You might just dump firebase and move to some other hosting service.

Hope you find this helpful it might not be the answer your looking for but it might point you in the right direction.

144

answered Sep 27 '22 23:09

Niles Tanner

Related questions
                            
                                Firebase does not sync offline cache if the app is killed
                            
                                Purpose of Android/Firebase Debug signing certificate SHA-1
                            
                                Get data ordered by document Id descending in Firestore
                            
                                Enabling Debug Mode for Firebase Analytics for Flutter
                            
                                How to use Firebase query equalTo(value, key)?
                            
                                Firestore: Joins vs Firestore pricing
                            
                                Handling Firebase ID tokens on the client side with vanilla JavaScript
                            
                                Firebase Android onAuthStateChanged() fire twice after signInWithEmailAndPassword()
                            
                                V/FA: Processing queued up service tasks: 1 followed by V/FA: Inactivity, disconnecting from AppMeasurementService
                            
                                Is it possible to read Firebase data without attaching any listeners?
                            
                                Negation in condition while sending FCM message
                            
                                Firestore get documents where value not in array?
                            
                                Is Firebase an all-purpose database?
                            
                                How to design a Cloud Firestore database schema
                            
                                Firestore rules for document field
                            
                                Android/Firebase - Error while parsing timestamp in GCM event - Null timestamp
                            
                                iOS Firebase IS_ADS_ENABLED flag in GoogleService-Info.plist file
                            
                                How to query one field then order by another one in Firebase cloud Firestore?
                            
                                How to delete outdated Firebase Cloud function containers from GC Storage?
                            
                                Redirect to Firebase Hosting custom domain

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!

Donate Us With