Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Page loaded over HTTPS but requested an insecure XMLHttpRequest endpoint

Tags:

javascript

http

xmlhttprequest

https

ssl

I have a page with some D3 javascript on. This page sits within a HTTPS website, but the certificate is self-signed.

When I load the page, my D3 visualisations do not show, and I get the error:

Mixed Content: The page at 'https://integration.jsite.com/data/vis' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://integration.jsite.com/data/rdata.csv'. This request has been blocked; the content must be served over HTTPS.

I did some research and all I found what the JavaScript will make the call with the same protocol that the page was loaded. So if page was loaded via https then the rdata.csv should also have been requested via https, instead it is requested as http.

Is this because the certificate is self-signed on the server? What I can do to fix this, other than installing a real SSL certificate?

like image 830
J86 Avatar asked May 23 '16 09:05

J86

5 Answers

What I can do to fix this (other than installing a real SSL certificate).

You can't.

On an https webpage you can only make AJAX request to https webpage (With a certificate trusted by the browser, if you use a self-signed one, it will not work for your visitors)

like image 161
Tom Avatar answered Nov 11 '22 06:11

Tom

I had the same issue for my angular project, then I make it work in Chrome by changing the setting. Go to Chrome setting -->site setting -->Insecure content --> click add button of allow, then add your domain name [*.]XXXX.biz

Now problem will be solved.

like image 32
user2791178 Avatar answered Nov 11 '22 06:11

user2791178

Steps to Allow Insecure Content in Chrome

To allow insecure content on individual sites within Chrome, click on the lock icon in the URL bar, then click 'Site settings'.

enter image description here

There you will see a list of various permissions the page has. Choose 'Allow' next to 'Insecure content'.

enter image description here

Now your HTTPS site can access HTTP endpoint

like image 21
Smack Alpha Avatar answered Nov 11 '22 06:11

Smack Alpha

I solved the problem adding a slash at the end of the requesting url

This way: '/data/180/' instead of: '/data/180'

like image 9
Flavio Lopes Avatar answered Nov 11 '22 08:11

Flavio Lopes

You will be able to solve the error by adding this code to your html file:

<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests" />

If any solutions don't work, try this solution.

like image 9
Kai - Kazuya Ito Avatar answered Nov 11 '22 06:11

Kai - Kazuya Ito
Sign in to Comment

Related questions

How to require a file other than the npm main file in node?
Embed google map is wrong displayed until resizing webpage
What are (potential) disadvantages of using meteor.js? [closed]
Dragging & Resizing CSS Transformed Elements
Are there any one-way hashing functions available in native JavaScript?
AngularJs force browser to clear cache [duplicate]
Yarn 5x slower on windows
Replace all elements in Knockout.js observableArray
Should a Promise.reject message be wrapped in Error?
Browser: Identifier X has already been declared
Determining a page is outdated on github pages
Single quote escape in JavaScript function parameters
Is there a way to create out of DOM elements in Web Worker?
How to use Protractor with Angular 2?
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
Axios interceptors and asynchronous login
Header message just like at Stack Overflow
If I set only a high index in an array, does it waste memory?
Require.js is hurting my brain. Some fundamental questions about the way it loads scripts/modules
Google Maps v3 API - Auto Complete (address)

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!