I know there is an almost duplicate question, but the answer is not satisfactory at all.
I need to do geocoding using the Openstreetmap service which runs over HTTP.
My site runs over HTTPS.
It seems impossible to do JSONP request from https to http, browser (Chrome) complains about insecure content.
Any solutions?
In order for something to redirect HTTPS to HTTP, something must be listening on the HTTPS port. Your client must first open a SSL/TLS connection to the port serving HTTPS, HTTP traffic is tunneled through the SSL/TLS connection and the server will respond with a redirect to the HTTP port.
JSONP stands for JSON with Padding. Requesting a file from another domain can cause problems, due to cross-domain policy. Requesting an external script from another domain does not have this problem. JSONP uses this advantage, and request files using the script tag instead of the XMLHttpRequest object.
We can only use JSONP when: The API itself supports JSONP . It needs to return the JSON response wrapped in a function and it usually lets us pass in the function name we want it to use as one of the query params. We can only use it for GET requests, it doesn't work for PUT / POST / DELETE and so on.
It works by dynamically adding a <script> tag to the DOM and calling a predefined function with the remote web service's JSON data as the parameter. The <script> tag is not subject to the same origin policy and therefore can request content cross-domain.
The reason that the browser complains about insecure content is that the content is insecure. The entire purpose with a secure page is that all of it is secure, and can be trusted.
You can set up a proxy page in your secure site that requests the insecure content. There you should verify the content before it's sent to the browser, so that it is actually secure, not just pretending to be secure.
If you want to make a POST request to an external service that runs under HTTP while the initial request is coming from HTTPS it will always be considered as insecure. There's, as far as I know, no way around it.
What you can do, is POST to your backend which send another POST request to the service that is running under HTTP. From there just return the value returned by the HTTP service.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With