Menu
I'm currently using jQuery AJAX to GET a relative URL, without scheme/domain in front of it (e.g. '/js/get_international_popup/'. The response is also a relative URL when I view my location header before I return it.
When I test this locally, over HTTP, everything works as it should. However, once I test it on my live server, over HTTPS the response is blocked by Chrome, because it says it's insecure:
Mixed Content: The page at 'https://example.com/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://example.com/js/get_international_popup/'. This request has been blocked; the content must be served over HTTPS.
From Chrome's viewpoint, my local test request/response went over HTTP, but my live test request went over HTTPS and got an HTTP response. I am unable to view Chrome's response on the live server, because it is blocked.
If I return a response with an absolute URL (including https://domain) everything seems to work fine, but I prefer not to use absolute URLs.
Does anyone know if there's a way to fix this issue using relative URLs?
992
How to fix your website. The best strategy to avoid mixed content blocking is to serve all the content as HTTPS instead of HTTP. For your own domain, serve all content as HTTPS and fix your links. Often, the HTTPS version of the content already exists and this just requires adding an "s" to links - http:// to https://.
Mixed content occurs when initial HTML is loaded over a secure HTTPS connection, but other resources (such as images, videos, stylesheets, scripts) are loaded over an insecure HTTP connection.
prepend this using javascript:
var relative_url = '/js/get_international_popup/';
var absolute_url = window.location.origin + relative_url;
$.ajax(absolute_url, function(){});
Ref: http://www.w3schools.com/jsref/prop_loc_origin.asp
Note: Not tested
61
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
