Page loaded over HTTPS but requested an insecure XMLHttpRequest endpoint

38
votes

I have a page with some D3 javascript on. This page sits within a HTTPS website, but the certificate is self-signed.

When I load the page, my D3 visualisations do not show, and I get the error:

Mixed Content: The page at 'https://integration.jsite.com/data/vis' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://integration.jsite.com/data/rdata.csv'. This request has been blocked; the content must be served over HTTPS.

I did some research and all I found what the JavaScript will make the call with the same protocol that the page was loaded. So if page was loaded via https then the rdata.csv should also have been requested via https, instead it is requested as http.

Is this because the certificate is self-signed on the server? What I can do to fix this, other than installing a real SSL certificate?

6
javascripthttpsslhttps
Maybe CORS would help (for free and real SSL certs, check out letsencrypt...)n00dl3

6 Answers

27
votes

What I can do to fix this (other than installing a real SSL certificate).

You can't.

On an https webpage you can only make AJAX request to https webpage (With a certificate trusted by the browser, if you use a self-signed one, it will not work for your visitors)

16
votes

I had the same issue for my angular project, then I make it work in Chrome by changing the setting. Go to Chrome setting -->site setting -->Insecure content --> click add button of allow, then add your domain name [*.]XXXX.biz

Now problem will be solved.

0
votes

One solution here server side end point which you access via https, which then makes the call to whichever http url, and then and returns the result. In other words, making your own little HTTPS proxy to access the http resource

-1
votes

I had the same problem but from IIS in visual studio, I went to project properties -> Web -> and project url change http to https

-1
votes

I solved the problem adding a slash at the end of the requesting url

This way: '/data/180/' instead of: '/data/180'

-8
votes

this is easy,
if you use .htaccess , check http: for https: ,
if you use codeigniter, check config : url_base -> you url http change for https.....
I solved my problem.