
Why are HTTP images not appearing in HTTPS application?

I have a secured (HTTPS) ASP.NET MVC 4 application that uses unsecured (HTTP) ArcGIS map services. These services are called using JavaScript to get relevant map images.

If I use HTTP for my app, everything works as expected. But if I use HTTPS, IE10 and Chrome do not display the requested map images (IE prompts to display unsecured content) but Safari shows the image, no questions asked.

As an example, say my application is https://app.mydomain.com and my map services are at http://gis.mydomain.com

I run Fiddler and see the response as something like (removed some parameters to simplify): http://gis.mydomain.com/arcgis/rest/services/Energy/BaseService/MapServer/export?....&f=image but the image is not shown. If I enter this URL directly into my address bar, the expected image is shown.

There are no errors reported anywhere, including IIS 7.5 logs. I realize that mixed content is not ideal but I have no option at the moment. I have found lots of references to Silverlight with regard to this type of problem, but I am only using JavaScript and ASP.NET. I also compared the page source for both HTTPS and HTTP - there is no difference.

tr3v asked Jun 01 '26 07:06


2 Answers

While browsing a secure site, the browser will not load "nonsecure items" unless you (the visitor) authorize it.

The only way to solve this from server-side is by making the "nonsecure" content secure, by placing it under an HTTPS domain as well.

Update:

By the way, if you don't specify the protocol in the content URLs, for example //gis.mydomain.com without specifying if it is http:// or https://, the browser will automatically assume the same protocol that was used to access the website to load this content too.

So if you access with http:// it will load the dependencies using http:// as well, and if you use https:// it will do the same.

Havenard answered Jun 02 '26 20:06


Another way of getting around this is to proxy the insecure content via your (https) host. ESRI have some slightly out-of-date docco on this process (including an example ASP.Net proxy page) here, but most/all of it should still hold in the latest versions of the API. From memory, they recently (3.5?) made the proxy configurable on a per-service basis, which is very handy.

You can ignore the token-based authentication stuff in your case; all you're really looking for is to have the insecure content come through a secure host.

Juffy answered Jun 02 '26 20:06
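
An added example, not part of either answer: it resolves references the way a browser does to show which ones count as mixed content on an HTTPS page (including the protocol-relative form from the first answer), and shows a check a proxy like the one in the second answer should run before fetching an upstream URL. Host names are those from the question; the function names, the allowlist and the shortened `export?f=image` query are assumptions constructed for illustration.

```javascript
// Added example. Hosts come from the question; names and allowlist are assumed.
const ALLOWED_UPSTREAMS = new Set(['gis.mydomain.com']);

// Resolve a reference against the page URL and report whether loading it
// would be mixed content (HTTPS page requesting an HTTP subresource).
function classifyResource(pageUrl, ref) {
  const page = new URL(pageUrl);
  const resolved = new URL(ref, page); // "//host/path" inherits the page scheme
  const mixed = page.protocol === 'https:' && resolved.protocol === 'http:';
  return { resolved: resolved.href, mixed };
}

// Check a proxy should make before fetching on the client's behalf:
// absolute http(s) URL, no embedded credentials, host on the allowlist.
// Returns the normalised URL, or null when the request must be refused.
function validateProxyTarget(rawTarget) {
  let target;
  try {
    target = new URL(rawTarget);
  } catch {
    return null; // relative or malformed input
  }
  if (target.protocol !== 'http:' && target.protocol !== 'https:') return null;
  if (target.username || target.password) return null;
  if (!ALLOWED_UPSTREAMS.has(target.hostname)) return null;
  return target.href;
}

// Constructed sample input: the export URL from the question, query shortened.
const page = 'https://app.mydomain.com/map';
const exportPath =
  '/arcgis/rest/services/Energy/BaseService/MapServer/export?f=image';
for (const ref of ['http://gis.mydomain.com', '//gis.mydomain.com']) {
  console.log(classifyResource(page, ref + exportPath));
}
console.log(validateProxyTarget('http://gis.mydomain.com' + exportPath));
console.log(validateProxyTarget('http://gis.mydomain.com.example.net/'));
```

The protocol-relative form only removes the warning if gis.mydomain.com actually answers on HTTPS. Without a host allowlist, a proxy page that fetches any URL it is handed can be used to reach other hosts through your server.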