request has been blocked; the content must be served over HTTPS

问题

I'm doing application with spring security and Spring MVC in back end and Angular in front end.
My problem is that I do the logged in correctly, but the problem in logged out I implemented correctly in my localhost: http://localhost:8080 worked without problem. When I change it to https:// I get this error:

Mixed Content: The page at '' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint ''. This request has been blocked; the content must be served over HTTPS.

I want to know how to correct that? And how to know which url blocked by https in the browser for example chrome?

回答1:

This post which gives a solution to your problem: http://www.learningthegoodstuff.com/2015/08/mixed-http-error-with-spring-security.html

All the details are explained there, basically all you have to do is add this two lines to my application.properties file:

server.tomcat.remote_ip_header=x-forwarded-for
server.tomcat.protocol_header=x-forwarded-proto

回答2:

I fixed by removing a forward slash from the end of a URL fixing everything.this is help me : GET request throws error after app implemented SSL: Mixed Content: This request has been blocked; the content must be served over HTTPS"

回答3:

This happens when the server is using http (non secured). You can fix it by enforcing https for all resources in the backend. Check here for more details.

回答4:

In @Jabir Minjibir's answer there is very good link to describe the error. As sum up, when your application works with httpS scheme you can't make visits to unsecure links which is http.

I got this error and fixed it like I wrote below:

Mixed Content: The page at 'https://stackblitz.com/' was loaded over HTTPS, but 
requested an insecure XMLHttpRequest endpoint 'http://172.19.0.62:920/'. 
This request has been blocked; the content must be served over HTTPS.

You can mask unsecure links with simple-https-proxy npm package. In my experience I was coding an angular sample on httpS://stackblitz.com and I was trying to connect to an Elasticsearch server which doesn't have a domain name. I needed to make it working with ssl but I couldn't modify it's scheme. Thus I installed a proxy which can work secure (httpS).

1. I installed the npm package:

npm i -g simple-https-proxy@latest

2. Then I created certificate:

simple-https-proxy --makeCerts=true

3. Then I ran it

simple-https-proxy --target=http://172.19.0.62:9200 --port=9201 --rewriteBodyUrls=false

In another example:

来源：https://stackoverflow.com/questions/51268942/request-has-been-blocked-the-content-must-be-served-over-https