Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

The page was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint

I am calling a rest API from Https deployed Application to Http Rest API. I have written the logic in JavaScript by using Angular Js framework. The web service call got failed with the below message.

The page at 'https://********someurl****' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint

Requesting if any one can help me get out of this error.

like image 971
Joshua Paul Avatar asked Nov 29 '17 09:11

Joshua Paul


3 Answers

Workaround:

1- Click the shield icon in the far right of the address bar.

enter image description here

Allow mixed content in Google Chrome

2- In the pop-up window, click "Load anyway" or "Load unsafe script".

If you want to set your Chrome browser to ALWAYS(in all webpages) allow mixed content:

1- Close Chrome. Chrome must be fully closed before the next steps.

2- Right-click the Google Chrome desktop icon (or Start Menu link). Select Properties.

3- At the end of the existing information in the Target field, add: " --allow-running-insecure-content" (There is a space before the first dash.)

4- Click OK.

5- Open Chrome and try to launch the content that was blocked earlier. It should work now.

This is just workaround and you need to solve by securing both app and rest api.

like image 83
Pankaj Shinde Avatar answered Oct 01 '22 16:10

Pankaj Shinde


Use an https endpoint for your Rest API, otherwise you will end up with mixed content

  • HTTPS is important to protect both your site and your users from attack.
  • Mixed content degrades the security and user experience of your HTTPS site.
like image 24
klugjo Avatar answered Oct 01 '22 16:10

klugjo


If you are unable to switch to https, another solution is to set up a server side end point which you access via https, which then makes the call to the http url and returns the result. In other words, making your own little HTTPS proxy to the http resource

like image 21
Jack Avatar answered Sep 29 '22 16:09

Jack