Whitelist http: content for Django application running SSL?

2
votes

In my Djanog web application I have added SSL security. Now In the django application I have integrated an external API which is running over http://.

This is the error i get after calling the external API. [blocked] The page at 'https://mywebsite.com' was loaded over HTTPS, but ran insecure content from 'http://api.external.com/moto.json?': this content should also be loaded over HTTPS.

Can anyone help me out here on how should i whitelist the required external domains. And I am running the application on Apache server. So will this have to be done in Apache settings or Django.

1
djangosslwhitelist

1 Answers

0
votes

Unfortunately this is something that is being done at the browser as is not something you can control from your application or your web server.

Here is the help article from Chome that explains this behavior:

Websites that ask for sensitive information, such as usernames and passwords, often use secure connections to transmit content to and from the computer you're using. If you're visiting a site via a secure connection, Google Chrome will verify that the content on the webpage has been transmitted safely. If it detects certain types of content on the page coming from insecure channels, it can automatically prevent the content from loading and you'll see a shield icon Insecure content shield icon appearing in the address bar. By blocking the content and possible security gaps, Chrome protects your information on the page from falling into the wrong hands.

The only way to stop this from happening is to access the API over HTTPS.