Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Web API Error - This request has been blocked; the content must be served over HTTPS

Tags:

google-chrome

asp.net-web-api

mixed-content

azure

angular5

We have deployed the api on azure and trying to consume in our web app written in angular 5. However when we try to consume the api we are getting following errors.

Chrome Mixed Content: The page at 'https://somedevapp.azurewebsites.net/#/managesomething' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://admindevapp.azurewebsites.net/api/data/getdata'. This request has been blocked; the content must be served over HTTPS.

Firefox Blocked loading mixed active content

Is this issue related to CORS? How to resolve this issue?

Any help on this appreciated!

like image 338
XamDev Avatar asked Sep 01 '18 18:09

XamDev

People also ask

How do you resolve this request has been blocked the content must be served over HTTPS?

This request has been blocked; the content must be served over HTTPS. Steps to Replicate: Create a page over HTTPS and make a request for HTTP Endpoint. Chrome has a security feature to block insecure content (HTTP) which is being loaded via a secure page (HTTPS).

How do you fix insecure content was loaded over HTTPS but requested an insecure resource?

You are trying to access via "http" on a "https" site, its best to use "https" content. You shouldn't access insecure data on a secure channel. Sometimes just use 'http' instead of 'https' can solve this issue.

How do I fix blocked mixed content?

How to fix your website. The best strategy to avoid mixed content blocking is to serve all the content as HTTPS instead of HTTP. For your own domain, serve all content as HTTPS and fix your links. Often, the HTTPS version of the content already exists and this just requires adding an "s" to links - http:// to https://.

2 Answers

If your web app is being hosted over HTTPs as you've indicated, then all external resources it is consuming (CDN, scripts, CSS files, API calls) should also use SSL and be secured through HTTPs. Think about it. It would defeat the purpose of your app being secure, if your app was in turn making insecure requests to an API.

You can either therefore:

  1. As Chrome suggests, change your API calls to use HTTPs (recommended)

  2. Use HTTP instead of HTTPs

  3. Add the following meta tag to your <head> element in your HTML:

    <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests" />

More information about this can be found here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/upgrade-insecure-requests.

like image 188
Mehdi Ibrahim Avatar answered Oct 20 '22 18:10

Mehdi Ibrahim

Use this ---- Add in your head section I will try this with my weather application & now it's working fine

<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
like image 16
Vishwajeet Singh Avatar answered Oct 20 '22 17:10

Vishwajeet Singh
Sign in to Comment

Related questions

C# LINQ .Any not working on DocumentDb CreateDocumentQuery
Friendly filename when public download Azure blob
How to debug Azure 500 internal server error [closed]
Azure Custom Controller / API .Net backend
How to set and read user environment variable in Azure DevOps Pipeline?
Second sign-in causes infinite redirect loop after the first successful login MVC .NET 5 OWIN ADAL OpenIDConnect
How to setup SSRS with an Azure SQL Server Database
Use Azure Application Insights with Azure WebJob
Difference between Service Principal and Managed Identities in Azure
Azure SQL Database vs. MS SQL Server on Dedicated Machine
Microsoft.WindowsAzure.Storage vs Microsoft.WindowsAzure.StorageClient
KeyVaultErrorException: Operation returned an invalid status code 'Forbidden'
Translate SQL Azure DTU to IOPS? [closed]
How to call another function with in an Azure function
Windows Azure for web developers vs Amazon EC2
How to prevent an Azure website from going to sleep?
How to Login without prompt?
Azure Active Directory as Domain Controller for Azure Virtual Machines
Does Azure Service Fabric do the same thing as Docker?
Read values from local.settings.json in VS 2017 Azure Function development

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!