WSO2 API console requested an insecure XMLHttpRequest endpoint

0
votes

Am using WSO2 API Manager 1.9.1 and have defined a service that can be access over both http and https. When I try to "test" it through the API Console under https://localhost:9443/store/apis/..., the API call fails as the REST AJAX call is send over http instead of https.

  • Chrome complains that the page was loaded over HTTPS but requested an insecure XMLHttpRequest. The request is blocked as it should be served over HTTPS.

  • Firefox likewise blocks the request with a "mixed active content" error.

  • Safari fails with a more obscure message: "Failed to load resource: The network connection was lost.".

A workaround is to set the API scheme to https only but this is not particularly desirable. Is there a fix or other way to cope with this issue?

1
ajaxapiwso2wso2-am

1 Answers

0
votes

This issue occurs when you're trying to access a HTTPS URL from the web browser but the end point is actually HTTP. This is not the default behavior of swagger console in API manager 1.9.

Usually when you are accessing from the web browser using HTTPS, API console (swagger console) calls an end point of HTTPS by default.

Try to expose the service as both HTTP and HTTPS(Manage Tab) when you are publishing an API.

Thanks

Ojith