MixedContent when I'm loading https page through ajax, but browser still thinks it's http

▼魔方 西西 提交于 2019-12-19 17:35:07

问题


After Installing SSL Cert on a web page, I had the problem where the page served with https would require http endpoint with ajax. I'm using restangular, and I changed the base url to have https.

    var uri = location.protocol + "//" + location.host;
    RestangularProvider.setBaseUrl(uri);

The interesting part is that, when I see the request in the chrome developer tools i see

Request URL:https://theaddress.com/api/endpoint
Request Headers
Provisional headers are shown
Accept:application/json, text/plain, */*
Referer:https://theadress.com/somepage
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.93 Safari/537.36
X-Requested-With:XMLHttpRequest

So the request should be an https one, yet I still get:

Mixed Content: The page at 'https://theaddress.com/somepage' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://theadress.com/api/endpoint'. This request has been blocked; the content must be served over HTTPS.

Also I should mention, this happens on prod server, but on my local test it works fine ( I have self signed ssl cert ) after I have made it use base url that includes https.

What could be the problem?


回答1:


I just spent a good 4 hours trying to fix a similar problem. Here's what solved mine:

Summary: add a trailing '/' to your request

I found this post useful in fixing my problem. Basically, the server doesn't care if you send your request with a trailing '/' or not, because it internally routes to '/' if you don't add it. However, if the routing is happening internally (e.g. nginx passing the request to a local process), you get an http redirect which will make your request fail.




回答2:


I tried @Kadi's fix of adding a slash, and it worked, but a more elegant solution for me was to change the request from GET to POST, which also fixed the issue.

Still not sure what the root cause was.



来源:https://stackoverflow.com/questions/28197528/mixedcontent-when-im-loading-https-page-through-ajax-but-browser-still-thinks

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!